Topic 1 Question 55
A solutions architect is developing a VPC architecture that includes multiple subnets. The architecture will host applications that use Amazon EC2 instances and Amazon RDS DB instances. The architecture consists of six subnets in two Availability Zones. Each Availability Zone includes a public subnet, a private subnet, and a dedicated subnet for databases. Only EC2 instances that run in the private subnets can have access to the RDS databases. Which solution will meet these requirements?
A. Create a new route table that excludes the route to the public subnets' CIDR blocks. Associate the route table with the database subnets.
B. Create a security group that denies inbound traffic from the security group that is assigned to instances in the public subnets. Attach the security group to the DB instances.
C. Create a security group that allows inbound traffic from the security group that is assigned to instances in the private subnets. Attach the security group to the DB instances.
D. Create a new peering connection between the public subnets and the private subnets. Create a different peering connection between the private subnets and the database subnets.
Comments (12)
- Selected answer: C
A: doesn't fully configure the traffic flow
B: security groups don't have deny rules
D: peering is mostly between VPCs, doesn't really help here
answer is C, most mainstream way
👍 26 Sinaneos 2022/10/13

Just took the exam today and EVERY ONE of the questions came from this dump. Memorize it all. Good luck.
👍 12 Gary_Phillips_2007 2023/03/01

- Selected answer: C
Inside a VPC, traffic locally between different subnets cannot be restricted by routing, but in case they are in different VPCs then it would be possible. This is imp Gain in VPC
- So the only method is Security Groups; like EC2, RDS also has Security Groups to restrict traffic to database instances
👍 6 KVK16 2022/10/16
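As an added illustration of option C (not code from the question or any commenter), the CloudFormation fragment below shows the database security group whose single inbound rule references the security group of the private-subnet EC2 instances. It assumes the VPC and an existing DB subnet group are passed in as parameters and that the database listens on TCP 3306 (MySQL); subnets, route tables and EC2 instances are omitted.

```yaml
# Added example (not from the page): CloudFormation fragment for option C.
# Assumptions: VpcId and DatabaseSubnetGroupName are supplied as parameters,
# the DB engine is MySQL on TCP 3306, and the private-subnet EC2 instances
# are launched with PrivateAppSecurityGroup attached.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  DatabaseSubnetGroupName:
    Type: String   # DB subnet group spanning the two database subnets

Resources:
  # Security group attached to the EC2 instances in the private subnets.
  PrivateAppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 instances in the private subnets
      VpcId: !Ref VpcId

  # Security group attached to the RDS DB instances. Security groups are
  # allow-only (no deny rules, which is why option B cannot be expressed);
  # anything not matched by an allow rule is dropped. The rule below matches
  # on membership in PrivateAppSecurityGroup rather than on a subnet CIDR,
  # so public-subnet instances carrying a different group are refused.
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS DB instances, reachable only from private-subnet EC2
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref PrivateAppSecurityGroup
          Description: MySQL from private-subnet application instances

  # The DB instance is placed in the database subnets and attached to the
  # group above; PubliclyAccessible stays false so it gets no public IP.
  DatabaseInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: dbadmin          # placeholder value
      ManageMasterUserPassword: true   # password kept in Secrets Manager
      DBSubnetGroupName: !Ref DatabaseSubnetGroupName
      PubliclyAccessible: false
      VPCSecurityGroups:
        - !Ref DatabaseSecurityGroup
```

Because the rule keys on group membership, the control only holds as long as PrivateAppSecurityGroup is never attached to instances in the public subnets; that attachment is worth checking in review or with AWS Config.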