New Release: Earn Rewards by referring new users! You can earn rewards redeemable for discounts on Vouchers and Memberships!

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company's architecture requires segregation between its web servers that are accessible from the internet and its backend databases that should not be directly accessible from the internet. As the Solutions Architect, you have to ensure that the databases remain protected while allowing the web servers to communicate with them. Which of the following options achieves this objective while adhering to AWS security best practices?

  • Utilize a NAT gateway to translate traffic from the internet to the private subnet where the databases reside, ensuring internet traffic can only reach the databases through the NAT gateway.

  • Deploy both the web servers and databases in the same public subnet, using a network ACL to deny inbound traffic from the internet to the database servers' IP addresses.

  • Place the databases in a public subnet but do not assign a public IP, and configure a route table that has no routes to and from the internet gateway.

  • Place the databases in a private subnet and the web servers in a public subnet, and configure the security groups allowing specific traffic from the web servers to the databases.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Pass using Crucial? Post on Social Media and get a $15 Account Credit! Rules apply. Hide these