AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your company is deploying a web application on AWS. The application requires a web server in a public subnet to be accessible from the internet and a database server that should only be accessible from the web server. Which of the following strategies provides appropriate network segmentation for the database server?
Place the database server in a private subnet with a security group that only allows traffic from the web server's security group.
Place the database server in a public subnet and restrict access by only allowing traffic on the database port from the web server's Elastic IP address.
Deploy the database server in the same public subnet as the web server to ensure connectivity.
Implement a network ACL for the VPC that allows traffic from the web server to the database on the required port and denies all other inbound traffic.
Placing the database server in a private subnet with no direct access from the internet and configuring the security group associated with the database server to allow traffic only from the security group of the web server ensures that only the web server can communicate with the database. Other options, such as placing the database server in a public subnet or allowing direct internet access, would violate security best practices by potentially exposing the database to unauthorized access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a private subnet in AWS?
Open an interactive chat with Bash
How do security groups work in AWS?
Open an interactive chat with Bash
What is network segmentation and why is it important?