Crucial Exams

AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company's architecture requires segregation between its web servers that are accessible from the internet and its backend databases that should not be directly accessible from the internet. As the Solutions Architect, you have to ensure that the databases remain protected while allowing the web servers to communicate with them. Which of the following options achieves this objective while adhering to AWS security best practices?

  • Place the databases in a private subnet and the web servers in a public subnet, and configure the security groups allowing specific traffic from the web servers to the databases.

  • Utilize a NAT gateway to translate traffic from the internet to the private subnet where the databases reside, ensuring internet traffic can only reach the databases through the NAT gateway.

  • Place the databases in a public subnet but do not assign a public IP, and configure a route table that has no routes to and from the internet gateway.

  • Deploy both the web servers and databases in the same public subnet, using a network ACL to deny inbound traffic from the internet to the database servers' IP addresses.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot