Q61 — AWS SAA-C03 Ch.2
Q126. A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available. Which combination of configuration options will meet these requirements? (Select TWO.)
- A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets ✓
- B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets
- C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets
- D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
- E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets ✓
Correct Answer: A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets, E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets
Explanation
To meet the requirements stated for the company's two-tier ecommerce website on AWS, we need to ensure the following:
- The EC2 instances and RDS DB instance should not be exposed to the public internet.
- The EC2 instances require internet access for payment processing.
- The application must be highly available.

Let's analyze each option:

A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
- This option ensures the EC2 instances and RDS DB instance are in private subnets, not exposed to the public internet.
- Auto Scaling groups provide high availability by automatically scaling the number of EC2 instances based on demand.
- However, this option doesn't mention how internet access will be provided to the EC2 instances. Typically, this would be done using NAT gateways.

B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
- Deploying the Application Load Balancer in private subnets does not work here because the load balancer for a public website must be reachable from the internet to distribute incoming traffic. This option does not meet the requirement for internet accessibility of the load balancer.

C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
- This option places the EC2 instances in public subnets, which violates the requirement that they should not be exposed to the public internet.

D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
- This option places the load balancer in the public subnet, which is appropriate for distributing incoming traffic.
- However, it only uses one public and one private subnet, which does not provide the high availability typically achieved by deploying across two Availability Zones with separate subnets.
- Placing the RDS DB instance in private subnets is correct, but the single-subnet setup lacks redundancy.

E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
- This option places the Application Load Balancer in public subnets, allowing it to distribute incoming traffic.
- EC2 instances are placed in private subnets with internet access provided via NAT gateways, meeting the requirement that they should not be exposed directly to the internet.
- Placing the RDS DB instance in private subnets ensures it is not exposed to the internet.
- The use of two subnets and NAT gateways in each Availability Zone ensures high availability.

Based on the analysis, the correct configurations that meet all the requirements are A and E:
- A ensures the EC2 instances and RDS DB instance are in private subnets with high availability via Auto Scaling, but it lacks explicit mention of NAT gateways for internet access (though typically implied).
- E explicitly provides a complete, high-availability solution with public subnets for the load balancer, private subnets for the EC2 instances and RDS DB instance, and NAT gateways for internet access.

Thus, the correct answer is:
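
The requirement checks from the explanation above, written out as an added example (not part of the original page) and run over constructed subnet layouts for the answer combinations. The `Layout` model, the violation names and the subnet/AZ names are assumptions made for illustration; option D is modelled with both subnets in one Availability Zone and both NAT gateways in its single public subnet.

```python
from dataclasses import dataclass

@dataclass
class Layout:
    public: dict     # public subnet name -> AZ (default route to an internet gateway)
    private: dict    # private subnet name -> AZ (not reachable from the internet)
    nat: list        # subnet hosting each NAT gateway
    alb: list        # subnets the load balancer is attached to
    instances: list  # subnets the Auto Scaling group launches into

def violations(lay: Layout) -> list:
    az = {**lay.public, **lay.private}
    found = set()
    # EC2 instances must not be exposed to the public internet.
    if any(s in lay.public for s in lay.instances):
        found.add("instances-public")
    # The website's load balancer has to be reachable from the internet.
    if any(s not in lay.public for s in lay.alb):
        found.add("alb-not-public")
    # High availability: both tiers must span at least two Availability Zones.
    if len({az[s] for s in lay.alb}) < 2:
        found.add("alb-single-az")
    if len({az[s] for s in lay.instances}) < 2:
        found.add("instances-single-az")
    # A NAT gateway gives internet egress only when it sits in a public subnet.
    if any(s not in lay.public for s in lay.nat):
        found.add("nat-not-in-public-subnet")
    nat_azs = {lay.public[s] for s in lay.nat if s in lay.public}
    # For zone-independent egress, each private instance subnet needs a NAT gateway in its own AZ.
    if any(s in lay.private and az[s] not in nat_azs for s in lay.instances):
        found.add("no-same-az-nat")
    return sorted(found)

# Constructed layouts: a network option (B, D or E) paired with the instance placement of A or C.
PUB2 = {"pub-a": "az1", "pub-b": "az2"}
PRIV2 = {"priv-a": "az1", "priv-b": "az2"}
OPTIONS = {
    "A+E": Layout(PUB2, PRIV2, ["pub-a", "pub-b"], ["pub-a", "pub-b"], ["priv-a", "priv-b"]),
    "A+B": Layout({}, PRIV2, ["priv-a", "priv-b"], ["priv-a", "priv-b"], ["priv-a", "priv-b"]),
    "A+D": Layout({"pub-a": "az1"}, {"priv-a": "az1"}, ["pub-a", "pub-a"], ["pub-a"], ["priv-a"]),
    "C+E": Layout(PUB2, PRIV2, ["pub-a", "pub-b"], ["pub-a", "pub-b"], ["pub-a", "pub-b"]),
}

if __name__ == "__main__":
    for name, layout in OPTIONS.items():
        print(name, violations(layout) or "meets all requirements")
```

Only the A+E layout returns an empty list; B additionally fails on NAT placement because a VPC with no public subnets has nowhere to host an internet-capable NAT gateway.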