Questions 7 to 9
Explanations for questions 7 to 9
We'll cover the following
Question 7
An application uses an Amazon RDS database and Amazon EC2 instances in a web tier. The web tier instances must not be directly accessible from the Internet to improve security.
How can a solutions architect meet these requirements?
- Launch the EC2 instances in a private subnet, and create an Application Load Balancer in a public subnet.
- Launch the EC2 instances in a private subnet with a NAT gateway, and update the route table.
- Launch the EC2 instances in a public subnet, and use AWS WAF to protect the instances from internet-based attacks.
- Launch the EC2 instances in a public subnet, and create an Application Load Balancer in a public subnet.
Correct Answer: 1
Explanation: To prevent direct connectivity to the EC2 instances from the Internet, you can deploy your EC2 instances in a private subnet and have the ELB in a public subnet. To configure this, you must enable a public subnet in the ELB that is in the same AZ as the private subnet.
Level up your interview prep. Join Educative to access 70+ hands-on prep courses.