ExpertAWS SAA-C03 · Question 14 · Domain 1.2: Secure Workloads
A company is designing a multi-tier web application in a VPC. The web servers are in public subnets, and the database servers are in private subnets. The database servers must only accept traffic from the web servers. Which TWO actions should the solutions architect take to secure the database tier? (Select TWO.)
A company is designing a multi-tier web application in a VPC. The web servers are in public subnets, and the database servers are in private subnets. The database servers must only accept traffic from the web servers. Which TWO actions should the solutions architect take to secure the database tier? (Select TWO.)
Answer options:
Configure the database security group to allow inbound traffic from the public subnets' CIDR blocks.
Configure the database security group to allow inbound traffic from the web servers' security group.
Attach a Network Access Control List (NACL) to the private subnet that denies all inbound traffic from the internet.
Place the database instances in a private subnet with no route to an Internet Gateway.
Assign Elastic IP addresses to the database instances and restrict access via AWS WAF.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS SAA-C03 Practice Exam 1
65 questions · hints · full answers · grading