ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 782 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 782
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company wants to deploy an internal web application on AWS. The web application must be accessible only from the company's office. The company needs to download security patches for the web application from the internet.

The company has created a VPC and has configured an AWS Site-to-Site VPN connection to the company's office. A solutions architect must design a secure architecture for the web application.

Which solution will meet these requirements?

  • A. Deploy the web application on Amazon EC2 instances in public subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the inbound source of the ALB's security group to 0.0.0.0/0.
  • B. Deploy the web application on Amazon EC2 instances in private subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in public subnets. Attach an internet gateway to the VPC. Set the inbound source of the ALB's security group to the company's office network CIDR block.
  • C. Deploy the web application on Amazon EC2 instances in public subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in private subnets. Attach an internet gateway to the VPSet the outbound destination of the ALB’s security group to the company's office network CIDR block.
  • D. Deploy the web application on Amazon EC2 instances in private subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the outbound destination of the ALB’s security group to 0.0.0.0/0.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Andy_09 at Feb. 6, 2024, 7:57 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Andy_09
Highly Voted 1 year, 2 months ago
Option B
upvoted 7 times
...
osmk
Highly Voted 1 year, 2 months ago
Selected Answer: B
none sense why IGW on top of NATGW.
upvoted 6 times
MatAlves
7 months, 2 weeks ago
https://docs.aws.amazon.com/network-firewall/latest/developerguide/arch-igw-ngw.html Confusing, I agree. But it seems to be recommended in some cases.
upvoted 1 times
...
...
striker89
Most Recent 6 months ago
Selected Answer: B
I Would go for B even if NAT GW allow outbound traffic ONLY. Still wondering how the Company newtwork will access Private Subnet in the VPC.
upvoted 1 times
...
Scheldon
10 months, 2 weeks ago
AnswerB Server and LB in Private will hide WEB application from the word. NAT will allow for server's access to the internet in case of need
upvoted 1 times
...
NayeraB
1 year, 2 months ago
Selected Answer: B
B is well structured
upvoted 3 times
...
ogerber
1 year, 2 months ago
To my opinion, with only having inbound of the companys CIDR block, it will not include access for the patches available online. i would go for D
upvoted 4 times
sandordini
1 year ago
Incorrect: B says inbound, D says outbound. Outbound for ALB are the EC2 Instances.
upvoted 1 times
...
...
kempes
1 year, 2 months ago
Selected Answer: B
Option B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago