ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 832 discussion

Exam question from Amazon's AWS-SysOps
Question #: 832
Topic #: 1
[All AWS-SysOps Questions]

A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?

  • A. Create one public subnet for the Application Load Balancer, one public subnet for the web servers, and one private subnet for the database servers.
  • B. Create one public subnet for the Application Load Balancer, two public subnets for the web servers, and two private subnets for the database servers.
  • C. Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.
  • D. Create two public subnets for the Application Load Balancer, two public subnets for the web servers, and two public subnets for the database servers.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by kung07 at May 10, 2020, 8:36 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kung07
Highly Voted 2 years, 9 months ago
C as the ALB is public facing, your webservers (as your database servers) should be in the private subnets to limit exposure refer to https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
upvoted 24 times
...
albert_kuo
Most Recent 11 months, 2 weeks ago
Selected Answer: C
By configuring the infrastructure in this way, the web application can achieve high availability by deploying resources across multiple Availability Zones (AZs) while also limiting direct public access to the instances that don't require it. The ALB serves as the public-facing entry point, and the web servers and database servers are protected within private subnets.
upvoted 1 times
...
gulu73
1 year, 5 months ago
Selected Answer: C
I vote C
upvoted 2 times
...
Anasalrawas
2 years, 8 months ago
Ans is B, why would u need 2 subnets for ALB??
upvoted 2 times
...
Hypercuber
2 years, 8 months ago
I'll go for C, we have to limit public access to the max, ALB allows accessing to the Web servers; therefore we can pub the WS in a private subnet
upvoted 1 times
...
abhishek_m_86
2 years, 8 months ago
C as the ALB is public facing, your webservers (as your database servers) should be in the private subnets to limit exposure
upvoted 1 times
...
Jordanro
2 years, 8 months ago
C. Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers. Example of accessibility to the web servers via the Internet is shown in Figure 1 of the linked documentation but we should add two separate private subnets for the database servers https://docs.aws.amazon.com/quickstart/latest/magento/architecture.html
upvoted 1 times
...
jackdryan
2 years, 8 months ago
I'll go with C
upvoted 1 times
...
PartlyCloudy
2 years, 8 months ago
As per https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html Select one subnet per zone to enable. If you enabled dual-stack mode for the load balancer, select subnets with associated IPv6 CIDR blocks. You can specify one of the following: Subnets from at least two Availability Zones Subnets from one or more Local Zones One Outpost subnet + Requirement to secure instances -> Put Webservers in Private subnet Answer -> C
upvoted 1 times
...
vob
2 years, 8 months ago
The question is posed wrong. ALB don't exist in a subnet, they only point to subnets when EC2 are their targets. ALB is more of a regional service that sits outside subnets. The only thing for sure is should be 2 subnets for web and 2 subnets for DB to ensure HA. All subnets should be private, the only service exposed to the internet is the load balancer. So the closest answer is C.
upvoted 4 times
...
AWS1212
2 years, 8 months ago
Are the web servers not supposed to be public facing, or what am I missing here...? I would opt for B.
upvoted 1 times
AWS1212
2 years, 8 months ago
On second thought, with no NAT Gateway and how the question is formulated, I'll opt for C.
upvoted 1 times
...
...
vnsuk
2 years, 8 months ago
B is correct, you dont need WS in private sub. otherwise you put both DB and WS in private.
upvoted 1 times
...
Pirulou
2 years, 9 months ago
Ans C -->ALB is public facing tne Webservers can run in private subnet.
upvoted 1 times
...
tiffanny
2 years, 9 months ago
It should be B because you need to put the ELB to public subnet
upvoted 1 times
...
Chubb
2 years, 9 months ago
why not B
upvoted 2 times
...
nicat
2 years, 9 months ago
C. Create two public subnets for the Application Load Balancer, two private subnets for the web servers, and two private subnets for the database servers.
upvoted 4 times
...
EVAAWS
2 years, 9 months ago
C for sure
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel