A company is designing a multi-tier web application in a VPC. The web servers are in public subnets, and the database servers are in private subnets. The database servers must only accept traffic from the web servers. Which TWO actions should the solutions architect take to secure the database tier? (Select TWO.)

Use Security Group referencing for tier-to-tier communication. Ensure databases are in private subnets.

What mistakes do candidates make on this AWS SAA-C03 question?

Using CIDR blocks instead of Security Group IDs for internal VPC traffic.

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium

Q02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...Easy

Q03A company wants to implement a federated identity solution for its employees to access the AWS Ma...Medium

Q04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...Hard

Q05A company is hosting a web application on Amazon EC2 instances. The application connects to an Am...Medium