AWS SAA-C03 · Question 05 · Domain 1.2: Secure Workloads
A solutions architect is designing a VPC for a three-tier web application. The database tier must be completely isolated from the internet. The application tier needs to download software updates from the internet but should not accept incoming internet connections. <br/><br/>How should the subnets be configured?
Answer options:
Place both the database and application in private subnets. Attach an Internet Gateway to the private subnets.
Place the database in a private subnet. Place the application in a public subnet with a NAT gateway.
Place the database in a private subnet. Place the application in a private subnet with a route to a NAT gateway in a public subnet.
Place the database in an isolated subnet. Place the application in a private subnet with a route to an egress-only internet gateway.
65 questions · hints · full answers · grading
Expert