CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

Your company is deploying a web application on AWS. The application requires a web server in a public subnet to be accessible from the internet and a database server that should only be accessible from the web server. Which of the following strategies provides appropriate network segmentation for the database server?

  • Place the database server in a public subnet and restrict access by only allowing traffic on the database port from the web server's Elastic IP address.

  • Implement a network ACL for the VPC that allows traffic from the web server to the database on the required port and denies all other inbound traffic.

  • Deploy the database server in the same public subnet as the web server to ensure connectivity.

  • Place the database server in a private subnet with a security group that only allows traffic from the web server's security group.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures