ExpertAWS SAA-C03 · Question 05 · Domain 1.2: Secure Workloads
A solutions architect is designing a VPC for a three-tier web application. The database tier must be completely isolated from the internet. The application tier needs to download software updates from the internet but should not accept incoming internet connections. <br/><br/>How should the subnets be configured?
A solutions architect is designing a VPC for a three-tier web application. The database tier must be completely isolated from the internet. The application tier needs to download software updates from the internet but should not accept incoming internet connections. <br/><br/>How should the subnets be configured?
Answer options:
Place both the database and application in private subnets. Attach an Internet Gateway to the private subnets.
Place the database in a private subnet. Place the application in a public subnet with a NAT gateway.
Place the database in a private subnet. Place the application in a private subnet with a route to a NAT gateway in a public subnet.
Place the database in an isolated subnet. Place the application in a private subnet with a route to an egress-only internet gateway.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS SAA-C03 Practice Exam 4
65 questions · hints · full answers · grading