Q61 — AWS SAA-C03 Ch.5
Q361. A company has a three-tier web application that is in a single server. The company wants to migrate the application to the AWS Cloud. The company also wants the application to align with the AWS Well-Architected Framework and to be consistent with AWS recommended best practices for security, scalability, and resiliency. Which combination of solutions will meet these requirements? (Select THREE)
- A. Create a VPC across two Availability Zones with the application's existing architecture. Host the application with existing architecture on an Amazon EC2 instance in a private subnet in each Availability Zone with EC2 Auto Scaling groups. Secure the EC2 instance with security groups and network access control lists (network ACLs)
- B. Set up security groups and network access control lists (network ACLs) to control access to the database layer. Set up a single Amazon RDS database in a private subnet
- C. Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier ✓
- D. Use a single Amazon RDS database. Allow database access only from the application tier security group
- E. Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer's security groups ✓
- F. Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups ✓
Correct Answer:
- C. Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier
- E. Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer's security groups
- F. Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups
Explanation
Option C aligns with best practices by creating a VPC across multiple Availability Zones and refactoring the application to separate it into different tiers. Each tier is hosted on its own private subnet, and Auto Scaling groups provide scalability and fault tolerance.
Option E introduces Elastic Load Balancers (ELBs) in front of the web tier. This helps distribute traffic and improve resiliency. By controlling access with security groups that reference each layer's security groups, security is enhanced.
Option F uses an Amazon RDS database Multi-AZ cluster deployment in private subnets. This adds resiliency by maintaining a replica of the database in another Availability Zone. Database access is limited to the security groups associated with the application tier, improving security.