CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company wishes to deploy a new web service in the cloud that should be publicly accessible. Additionally, the service needs to interact with a data center located on-premises without exposing this interaction to the public internet. Which setup will best achieve this objective?

  • Utilize an Elastic Load Balancer for internet-facing traffic and a Network Access Control List set to accept connections exclusively from the data center IP range.

  • Use a Network Interface with an associated Elastic IP in conjunction with a dedicated customer gateway to regulate access between the web clients and the internal data center.

  • Establish a site-to-site VPN connection using a Virtual Private Gateway, while enabling public internet connectivity with an Internet Gateway.

  • Deploy a NAT Gateway for instances that must communicate with external web clients, accompanied by rigorously configured Security Groups allowing ingress from known internal IP ranges.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures