Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 332 discussion

A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?

  • A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
  • B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
  • C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
  • D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
Suggested Answer: C 🗳️
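
An added example, not part of the original question or of any comment: a Python check over constructed rules in the shape of `aws ec2 describe-security-groups` output, confirming that the DB security group admits only tcp/3306 from the web tier's security group, as option C describes. The group ID, the instance addresses, and the modelling of options A and D as CIDR rules are assumptions made for illustration.

```python
# Constructed rules in the "IpPermissions" shape that
# `aws ec2 describe-security-groups` returns. IDs and addresses are made up.
WEB_SG = "sg-0webexample"  # hypothetical web-tier security group ID
DB_PORT = 3306

def _rule(cidrs=(), groups=(), proto="tcp", lo=DB_PORT, hi=DB_PORT):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

OPTION_C = [_rule(groups=[WEB_SG])]                          # source = web SG
OPTION_A = [_rule(cidrs=["10.0.1.15/32", "10.0.2.27/32"])]   # assumed per-instance IPs
OPTION_D = [_rule(cidrs=["0.0.0.0/0"])]                      # assumed: no source limit

def audit_db_ingress(permissions, web_sg_id, port=DB_PORT):
    """Return findings; an empty list means only web_sg_id reaches tcp/port."""
    findings, web_allowed = [], False
    for perm in permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        exact = proto == "tcp" and lo == port and hi == port
        if not exact:
            findings.append(f"rule opens {proto} {lo}-{hi}, not only tcp/{port}")
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"CIDR source {cidr} instead of a security group")
        for pl in perm.get("PrefixListIds", []):
            findings.append(f"prefix list source {pl.get('PrefixListId')}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != web_sg_id:
                findings.append(f"unexpected source group {pair.get('GroupId')}")
            elif exact:
                web_allowed = True
    if not web_allowed:
        findings.append(f"no rule grants exactly tcp/{port} to {web_sg_id}")
    return findings

if __name__ == "__main__":
    for name, rules in [("A", OPTION_A), ("C", OPTION_C), ("D", OPTION_D)]:
        print(name, audit_db_ingress(rules, WEB_SG) or "OK")
```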

Comments

dmscountera
Highly Voted 3 years, 8 months ago
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
upvoted 49 times
...
syu31svc
Highly Voted 3 years, 7 months ago
A is wrong; how do you "drop suspicious web traffic" using iptables? You have to specify IP Address.
B is wrong; "Move DB instances to the same subnets that EC2 instances are located in" means all are in public subnets and this violates "sensitive user data" storage principles.
D is wrong as "allow port 3306 inbound" is not specified from which source.
Answer is C.
upvoted 25 times
...
Janan
Most Recent 2 years, 10 months ago
Selected Answer: C
C is the answer
upvoted 1 times
...
slcheng
2 years, 10 months ago
Selected Answer: C
SGs for Web and DB need to be separate.
upvoted 1 times
...
goblin123
3 years, 2 months ago
Selected Answer: C
C is the correct option, D is not, because you scale DB instances, there is no such thing as horizontal scaling for DB, only vertical.
upvoted 1 times
...
25dec_
3 years, 5 months ago
Selected Answer: C
C is good choice
upvoted 1 times
...
A_A_AB
3 years, 5 months ago
C is the answer for sure.
upvoted 1 times
...
jj22222
3 years, 5 months ago
C looks right
upvoted 1 times
...
prex
3 years, 5 months ago
Selected Answer: C
answer is def. C
upvoted 1 times
...
aws_aspirant
3 years, 6 months ago
CCCCCCCC
upvoted 1 times
...
jkwek
3 years, 7 months ago
Answer is C. https://aws.amazon.com/waf/
upvoted 3 times
...
KK_uniq
3 years, 7 months ago
C for sure
upvoted 3 times
...
haaris786
3 years, 7 months ago
C looks good here.
upvoted 3 times
...
leliodesouza
3 years, 7 months ago
The answer is C.
upvoted 3 times
...
Sallywhite
3 years, 7 months ago
C is right
upvoted 4 times
...
waqas
3 years, 8 months ago
Yes it must be C.
upvoted 4 times
...