Exam AWS Certified Solutions Architect - Professional topic 1 question 91 discussion

You've been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-tier VPC.
The configuration is as follows:

VPC: vpc-2f8bc447
IGW: igw-2d8bc445
NACL: ad-208bc448

Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44c
Database servers: subnet-9189c6f9

Route Tables:
rtb-218bc449
rtb-238bc44b

Associations:
subnet-258bc44d : rtb-218bc449
subnet-248bc44c : rtb-238bc44b
subnet-9189c6f9 : rtb-238bc44b

You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the internet. Application and database servers cannot have direct access to the internet.
Which configuration below will allow you the ability to remotely administer your application and database servers, as well as allow these servers to retrieve updates from the Internet?

  • A. Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb-238bc44b to the NAT instance.
  • B. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.
  • C. Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb-238bc44b to subnet-258bc44d.
  • D. Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to igw-2d8bc445, and a new NACL that allows access between subnet-258bc44d and subnet-248bc44c.
Suggested Answer: A

Comments

01037
Highly Voted 3 years, 6 months ago
A Sa Easy one
upvoted 6 times
...
amministrazione
Most Recent 8 months, 3 weeks ago
A. Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb-238bc44b to the NAT instance.
upvoted 1 times
...
JPA210
1 year, 2 months ago
Selected Answer: A
In D you are adding a route to igw, this is not needed and even not recommended. That's why we use a NAT gateway or in this case NAT instance to route the requests to the internet through it instead.
upvoted 1 times
...
skywalker
2 years, 8 months ago
Should be D
upvoted 1 times
...
Network_1
2 years, 8 months ago
A is the answer. D is wrong: you can add a route to igw in a private subnet.
upvoted 1 times
Network_1
2 years, 8 months ago
I meant you *can't* add a route to igw in a private subnet. To allow the app and db instances to receive updates from the Internet, you add a route in the private subnet towards the NAT gateway.
upvoted 1 times
...
...
lulz111
3 years, 3 months ago
Such a badly written and formatted question.
upvoted 2 times
...
tkanmani76
3 years, 4 months ago
D is correct
upvoted 1 times
...
viet1991
3 years, 6 months ago
A "CloudFloater Highly Voted 1 year, 3 months ago http://jayendrapatil.com/tag/bastion-host/ (Bastion and NAT should be in the public subnet. As Web Server has direct access to Internet, the subnet subnet-258bc44d should be public and Route rtb-2i8bc449 pointing to IGW. Route rtb-238bc44b for private subnets should point to NAT for outgoing internet access)" https://www.examtopics.com/discussions/amazon/view/12325-exam-aws-certified-solutions-architect-professional-topic-1/
upvoted 4 times
...
Rudrajit
3 years, 6 months ago
Answer should be D.
upvoted 2 times
...
LisX
3 years, 6 months ago
I mean NAT not NACL
upvoted 1 times
...
LisX
3 years, 7 months ago
I think answer should be D. NACL does not grant internet access
upvoted 2 times
...
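The routing rule the comments above argue over, as an added example that is not part of the original thread: an offline audit that decides whether the application and database subnets stay private while still reaching the internet through a NAT placed in a public subnet. The subnet, route-table and IGW ids are the question's; the NAT instance id `i-EXAMPLE-NAT`, the function names, and the assumption that rtb-218bc449 already has a default route to the IGW are constructed for the example.

```python
DEFAULT = "0.0.0.0/0"

def default_target(route_tables, rtb_id):
    """Return the target of the default route in a route table, or None."""
    for dest, target in route_tables.get(rtb_id, []):
        if dest == DEFAULT:
            return target
    return None

def audit(route_tables, associations, instance_subnet, private_subnets):
    """Return (subnet, finding) pairs for each subnet that must stay private."""
    # A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway.
    public = {s for s, rtb in associations.items()
              if (default_target(route_tables, rtb) or "").startswith("igw-")}
    findings = []
    for subnet in sorted(private_subnets):
        target = default_target(route_tables, associations[subnet])
        if target is None:
            findings.append((subnet, "no default route: cannot fetch updates"))
        elif target.startswith("igw-"):
            findings.append((subnet, "default route to IGW: subnet is public"))
        elif instance_subnet.get(target) not in public:
            findings.append((subnet, "NAT target is not in a public subnet"))
        else:
            findings.append((subnet, "ok: outbound via NAT in public subnet"))
    return findings

# Ids from the question; the NAT instance id is a constructed placeholder.
WEB, APP, DB = "subnet-258bc44d", "subnet-248bc44c", "subnet-9189c6f9"
ASSOC = {WEB: "rtb-218bc449", APP: "rtb-238bc44b", DB: "rtb-238bc44b"}
NAT = "i-EXAMPLE-NAT"
IGW = "igw-2d8bc445"

def evaluate(private_default_target, nat_subnet):
    """Audit the question's VPC for a given default route on rtb-238bc44b."""
    # Assumption: rtb-218bc449 already routes 0.0.0.0/0 to the IGW (web tier is public).
    tables = {"rtb-218bc449": [(DEFAULT, IGW)],
              "rtb-238bc44b": [(DEFAULT, private_default_target)]}
    return audit(tables, ASSOC, {NAT: nat_subnet}, {APP, DB})

if __name__ == "__main__":
    for label, result in [("Option A", evaluate(NAT, WEB)),
                          ("Option D", evaluate(IGW, WEB)),
                          ("NAT in app subnet", evaluate(NAT, APP))]:
        print(label, result)
```

The same `audit` function can be fed route tables and associations exported from a real VPC to flag private subnets that have picked up a default route to an internet gateway.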
Community vote distribution: A (35%), C (25%), B (20%), Other