Topic 1 Question 231
An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC A. The application requires access to a database in VPC B. Both VPCs are in the same AWS account.
Which solution will provide the required access MOST securely?
Create a DB instance security group that allows all traffic from the public IP address of the application server in VPC A.
Configure a VPC peering connection between VPC A and VPC B.
Make the DB instance publicly accessible. Assign a public IP address to the DB instance.
Launch an EC2 instance with an Elastic IP address into VPC B. Proxy all requests through the new EC2 instance.
ユーザの投票
コメント(13)
A is correct. B will work but is not the most secure method, since it will allow everything in VPC A to talk to everything in VPC B and vice versa, not at all secure. A on the other hand will only allow the application (since you select it's IP address) to talk to the application server in VPC A - you are allowing only the required connectivity. See the link for this exact use case: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html
👍 5JayBee652023/01/23Answer is B, A is not the answer <--it is not SECURE to have your traffic flow out from the internet to database.
👍 4kerl2023/02/03- 正解だと思う選択肢: B
B But what a crappy question/answers ...
👍 3JohnnyBG2023/02/04
シャッフルモード