CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company's architecture requires segregation between its web servers that are accessible from the internet and its backend databases that should not be directly accessible from the internet. As the Solutions Architect, you have to ensure that the databases remain protected while allowing the web servers to communicate with them. Which of the following options achieves this objective while adhering to AWS security best practices?

  • Place the databases in a private subnet and the web servers in a public subnet, and configure the security groups allowing specific traffic from the web servers to the databases.

  • Deploy both the web servers and databases in the same public subnet, using a network ACL to deny inbound traffic from the internet to the database servers' IP addresses.

  • Place the databases in a public subnet but do not assign a public IP, and configure a route table that has no routes to and from the internet gateway.

  • Utilize a NAT gateway to translate traffic from the internet to the private subnet where the databases reside, ensuring internet traffic can only reach the databases through the NAT gateway.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures