AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a web application on AWS and requires that the backend servers hosting the application are not publicly accessible, except via the application's front-end interface. What is the most effective method to prevent direct internet access to these backend servers?
Assign Elastic IP addresses to each backend server to restrict internet access.
Set up the backend servers' security group to allow inbound HTTP and HTTPS traffic exclusively from the security group assigned to the load balancer.
Limit the backend servers' security group to permit inbound SSH connections only from trusted IP addresses.
Change the route table to ensure all outbound internet traffic from the backend servers goes through a NAT gateway.
The correct method to prevent direct internet access to backend servers while allowing them to be accessed through the front-end interface (like a load balancer) is to configure the backend servers' security group to only permit inbound traffic from the security group attached to the load balancer. This setup ensures that requests can only reach the backend servers when routed through the load balancer, providing a secure architecture. Associating Elastic IP addresses with backend instances would make them publicly accessible, contrary to the requirements. Setting up the security group to allow SSH connections doesn't relate directly to the question of protecting against public internet access. Modifying route tables to direct traffic to a NAT gateway would not prevent the servers from being accessed if they are assigned public IP addresses; it's a solution more relevant to outbound internet access from private instances.
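The following is an added example, not part of the original practice question: a small Python audit that checks whether a backend security group admits inbound traffic only from the load balancer's security group. The input is shaped like `aws ec2 describe-security-groups` output; every group ID and CIDR in it is constructed, and the function name `audit_backend_group` is hypothetical.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# All group IDs below are made up for illustration.
LB_SG = "sg-0aaa1111lb"  # assumed ID of the load balancer's security group


def _rule(port, cidrs=(), groups=()):
    """Build one IpPermissions entry (helper for the constructed sample)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "Ipv6Ranges": [], "PrefixListIds": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


SAMPLE_GROUPS = {
    # Matches the correct answer: HTTP/HTTPS only from the load balancer group.
    "good": {"GroupId": "sg-0bbb2222ok",
             "IpPermissions": [_rule(80, groups=[LB_SG]),
                               _rule(443, groups=[LB_SG])]},
    # Misconfigured: HTTPS open to the internet, HTTP from an unrelated group.
    "bad": {"GroupId": "sg-0ccc3333bad",
            "IpPermissions": [_rule(443, cidrs=["0.0.0.0/0"]),
                              _rule(80, groups=["sg-0ddd4444other"])]},
}


def audit_backend_group(group, lb_sg_id):
    """Return findings; an empty list means every inbound rule is sourced
    solely from the load balancer's security group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        label = "{}/{}-{}".format(perm.get("IpProtocol"),
                                  perm.get("FromPort"), perm.get("ToPort"))
        # Any CIDR or prefix-list source bypasses the load balancer path.
        for r in perm.get("IpRanges", []):
            findings.append(f"{label}: CIDR source {r['CidrIp']}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"{label}: CIDR source {r['CidrIpv6']}")
        for p in perm.get("PrefixListIds", []):
            findings.append(f"{label}: prefix list {p.get('PrefixListId')}")
        # Group-to-group references are fine only for the load balancer group.
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != lb_sg_id:
                findings.append(f"{label}: source group {pair.get('GroupId')}")
    return findings


if __name__ == "__main__":
    for name, grp in SAMPLE_GROUPS.items():
        print(name, grp["GroupId"], audit_backend_group(grp, LB_SG) or "OK")
```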