AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your company plans to host a set of web applications in the AWS Cloud. Each application should be accessible over the internet but must be isolated from one another to prevent potential security issues. As the Solutions Architect, you need to design a strategy that enforces the isolation while allowing HTTPS traffic to each application. Which approach satisfies these requirements?
Configure a single public subnet within a VPC and associate all applications to one security group that allows all inbound traffic.
Create a VPC with a single public subnet and apply a network ACL that allows inbound traffic on port 22 to ensure secure communication.
Deploy all applications to a single EC2 instance and control access using the instance's security group to allow inbound traffic only on port 443.
Create a VPC with multiple public subnets and deploy each application in a separate security group that allows inbound traffic only on TCP port 443.
Create a VPC with multiple public subnets (for example, spread across Availability Zones for high availability). Launch each application's compute resources (EC2 instances or an Application Load Balancer) in the appropriate subnet and attach a dedicated security group to that application's network interfaces. Give each security group a single inbound rule allowing TCP 443 (HTTPS) from 0.0.0.0/0 and no other inbound rules; security groups have no deny rules and are default-deny, so any traffic not explicitly allowed, including traffic sourced from the other applications' security groups, is dropped. Because a security group is evaluated at the instance or ENI level, each application accepts only HTTPS from the internet and cannot be reached by the other applications on any other port. Note that 0.0.0.0/0 also covers the other applications' addresses, so port 443 itself remains reachable between them exactly as it is for any internet client; if that must be prevented too, restrict the source of the 443 rule (for example, to the application's own load balancer security group).
The other options fail on at least one requirement: allowing all inbound traffic through one shared security group exposes every port and removes the isolation; opening port 22 (SSH) in a network ACL does not permit HTTPS and adds an unnecessary management port; and running every application on a single EC2 instance behind one security group limits inbound traffic to 443 but provides no isolation between the applications.
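The following CloudFormation template is an added example, not part of the practice question or of any AWS documentation. It implements the design described in the explanation for two applications and goes one step further: each application gets a load-balancer security group that accepts HTTPS from the internet and an instance security group that accepts HTTPS only from that application's own load balancer, so the instance tier is not reachable from the other application even on port 443. The resource names and the VpcId parameter are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: one dedicated security-group pair per application with
  HTTPS-only inbound rules and no cross-references between applications.
  Resource names and the VpcId parameter are assumptions.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Existing VPC whose public subnets host the applications

Resources:
  # ---- Application A -------------------------------------------------
  AppAAlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App A load balancer - HTTPS from the internet only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: HTTPS from any internet client
      # No other ingress entries. Security groups are default-deny and have
      # no deny rules, so "deny everything else" means simply omitting rules.

  AppAInstanceSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App A instances - HTTPS from App A's load balancer only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AppAAlbSg
          Description: HTTPS from App A ALB; App B's groups are never referenced

  # ---- Application B (same shape, separate groups, no cross-references) --
  AppBAlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App B load balancer - HTTPS from the internet only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: HTTPS from any internet client

  AppBInstanceSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App B instances - HTTPS from App B's load balancer only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AppBAlbSg
          Description: HTTPS from App B ALB only

Outputs:
  AppAInstanceSgId:
    Value: !Ref AppAInstanceSg
  AppBInstanceSgId:
    Value: !Ref AppBInstanceSg
```

Deploy with `aws cloudformation deploy --template-file sg-isolation.yaml --stack-name app-isolation --parameter-overrides VpcId=<your VPC id>`, then attach the ALB groups to each application's load balancer and the instance groups to that application's instances. Because the instance groups reference only their own ALB group as a source, App A's instances cannot even speak HTTPS to App B's instances directly; the only path into either application is internet, or any VPC client, to its load balancer on port 443. Egress is left at the default allow-all; tighten it separately if the applications must not initiate outbound connections.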