Q61 — AWS SAA-C03 Chapter 2
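Q126. A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available. Which combination of configuration options will meet these requirements? (Choose two.)
Note to candidates: this is a disputed question and candidates hold differing opinions; AB, AD, AE, CD and CE each have a number of candidates arguing for them. If this question comes up in the exam, decide for yourself which answer to choose. Questions of this kind are generally giveaway questions, and a candidate who meets this one does not need to ask customer service to confirm the answer.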
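- A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets. ✓
- B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
- C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
- D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
- E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets. ✓
Correct answer: A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets; E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.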
Explanation
To meet the requirements stated for the company's two-tier ecommerce website on AWS, we need to ensure the following:
- The EC2 instances and RDS DB instance should not be exposed to the public internet.
- The EC2 instances require internet access for payment processing.
- The application must be highly available.

Let's analyze each option:

A. Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.
- This option ensures the EC2 instances and RDS DB instance are in private subnets, not exposed to the public internet.
- Auto Scaling groups provide high availability by automatically scaling the number of EC2 instances based on demand.
- However, this option doesn't mention how internet access will be provided to the EC2 instances. Typically, this would be done using NAT gateways.

B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.
- Deploying an Application Load Balancer in private subnets is not ideal because this site's load balancer needs to be publicly accessible to distribute incoming traffic. This option does not meet the requirement for internet accessibility of the load balancer.

C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.
- This option places the EC2 instances in public subnets, which violates the requirement that they should not be exposed to the public internet.

D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.
- This option places the load balancer in the public subnet, which is appropriate for distributing incoming traffic.
- However, it only uses one public and one private subnet, which does not provide the high availability typically achieved by deploying across two Availability Zones with separate subnets.
- RDS DB instance in private subnets is correct, but the single subnet setup lacks redundancy.

E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
- This option places the Application Load Balancer in public subnets, allowing it to distribute incoming traffic.
- EC2 instances are placed in private subnets with internet access provided via NAT gateways, meeting the requirement that they should not be exposed directly to the internet.
- RDS DB instance in private subnets ensures it is not exposed to the internet.
- The use of two subnets and NAT gateways in each Availability Zone ensures high availability.

Based on the analysis, the correct configurations that meet all the requirements are A and E:
- A ensures the EC2 instances and RDS DB instance are in private subnets with high availability via Auto Scaling, but it lacks explicit mention of NAT gateways for internet access (though typically implied).
- E explicitly provides a complete, high-availability solution with public subnets for the load balancer, private subnets for the EC2 instances and RDS DB instance, and NAT gateways for internet access.

Thus, the correct answer is: A and E
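The requirements analysed above can be checked mechanically. The following Python audit is an added example, not part of the original page or of any AWS tooling; the dictionary layout, subnet names and gateway ids are assumptions constructed for illustration.

```python
# Constructed model, not AWS API output: each subnet records its AZ and the target
# of its 0.0.0.0/0 route; nat_gateways maps a NAT gateway id to its host subnet.
A_PLUS_E = {
    "subnets": {
        "pub-a":  {"az": "az-a", "default_route": "igw-1"},
        "pub-b":  {"az": "az-b", "default_route": "igw-1"},
        "priv-a": {"az": "az-a", "default_route": "nat-a"},
        "priv-b": {"az": "az-b", "default_route": "nat-b"},
    },
    "nat_gateways": {"nat-a": "pub-a", "nat-b": "pub-b"},
    "alb": ["pub-a", "pub-b"],
    "ec2": ["priv-a", "priv-b"],
    "rds": ["priv-a", "priv-b"],
}

def audit(vpc):
    """Return findings; an empty list means every requirement holds."""
    subnets, nats, findings = vpc["subnets"], vpc["nat_gateways"], []
    is_public = lambda s: subnets[s]["default_route"].startswith("igw-")
    az = lambda s: subnets[s]["az"]
    # Requirement: EC2 and RDS are not exposed; the web-facing ALB is.
    for tier in ("ec2", "rds"):
        findings += [f"{tier}: {s} is a public subnet" for s in vpc[tier] if is_public(s)]
    findings += [f"alb: {s} is a private subnet" for s in vpc["alb"] if not is_public(s)]
    # Requirement: outbound access via a NAT gateway in a public subnet of the same AZ.
    for s in [s for s in vpc["ec2"] if not is_public(s)]:  # public ones reported above
        host = nats.get(subnets[s]["default_route"])
        if host is None:
            findings.append(f"ec2: {s} has no route to a NAT gateway")
        elif not is_public(host):
            findings.append(f"ec2: NAT gateway for {s} is not in a public subnet")
        elif az(host) != az(s):
            findings.append(f"ec2: {s} depends on a NAT gateway in {az(host)}")
    # Requirement: every tier spans at least two Availability Zones.
    for tier in ("alb", "ec2", "rds"):
        if len({az(s) for s in vpc[tier]}) < 2:
            findings.append(f"{tier}: spans fewer than two Availability Zones")
    return findings

def ec2_in_public_subnets():  # the EC2 placement option C describes
    return dict(A_PLUS_E, ec2=["pub-a", "pub-b"])

def shared_nat():  # constructed variant: priv-b routed through the NAT in az-a
    subnets = dict(A_PLUS_E["subnets"])
    subnets["priv-b"] = {"az": "az-b", "default_route": "nat-a"}
    return dict(A_PLUS_E, subnets=subnets)

if __name__ == "__main__":
    for v in (A_PLUS_E, ec2_in_public_subnets(), shared_nat()): print(audit(v) or "OK")
```

The shared-NAT variant goes beyond the five options: it shows why the explanation for E asks for a NAT gateway in each Availability Zone rather than one shared gateway.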