AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your company plans to host a set of web applications in the AWS Cloud. Each application should be accessible over the internet but must be isolated from one another to prevent potential security issues. As the Solutions Architect, you need to design a strategy that enforces the isolation while allowing HTTPS traffic to each application. Which approach satisfies these requirements?
Deploy all applications to a single EC2 instance and control access using the instance's security group to only allow inbound traffic on port 443.
Create a VPC with a single public subnet and deploy a Network Access Control List (NACL) that allows inbound traffic on port 22 to ensure secure communication.
Create a VPC with multiple public subnets and associate each application with a separate security group that only allows inbound traffic on port 443.
Configure a single public subnet within a VPC and associate all applications to one security group that allows all inbound traffic.
A VPC with multiple public subnets, where each application has its own security group that allows only inbound traffic on port 443, keeps the web applications reachable from the internet over HTTPS. Placing each application in a separate subnet with its own security group isolates the applications from one another, so that if one application is compromised, the breach does not necessarily affect the others. The other options either do not provide adequate isolation between applications or may block the necessary HTTPS traffic.
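One way to check a deployment against this design, as an added example that is not part of the original question: the function below audits security group rules, given in the shape of the EC2 DescribeSecurityGroups response, for one group per application and inbound tcp/443 only. The app names, group IDs and helper names are constructed for illustration.

```python
# Added example. Rule dictionaries follow the shape of the EC2
# DescribeSecurityGroups response; every ID and app name is constructed.

def covers_443(rule):
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= 443 <= rule.get("ToPort", -1))

def audit_isolation(app_to_sg, security_groups):
    """Return a list of findings; an empty list means the design holds."""
    groups = {g["GroupId"]: g for g in security_groups}
    findings, owners = [], {}
    for app, sg_id in app_to_sg.items():  # one security group per application
        if sg_id in owners:
            findings.append(f"{app} shares {sg_id} with {owners[sg_id]}")
        owners.setdefault(sg_id, app)
    for app, sg_id in app_to_sg.items():
        rules = groups[sg_id].get("IpPermissions", [])
        if not any(covers_443(r) for r in rules):
            findings.append(f"{app}: HTTPS (tcp/443) is not reachable")
        for r in rules:
            exact = (r.get("IpProtocol"), r.get("FromPort"), r.get("ToPort"))
            if exact != ("tcp", 443, 443):
                findings.append(f"{app}: {sg_id} rule is not exactly tcp/443: {exact}")
            # A rule sourced from another app's group is a lateral path.
            for pair in r.get("UserIdGroupPairs", []):
                other = owners.get(pair.get("GroupId"))
                if other and other != app:
                    findings.append(f"{app}: {sg_id} accepts traffic from {other}")
    return findings

def https_rule(source_groups=()):
    return {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "UserIdGroupPairs": [{"GroupId": g} for g in source_groups]}

# Constructed sample: the per-application design from the explanation.
GOOD_APPS = {"app-a": "sg-aaa", "app-b": "sg-bbb"}
GOOD_GROUPS = [{"GroupId": "sg-aaa", "IpPermissions": [https_rule()]},
               {"GroupId": "sg-bbb", "IpPermissions": [https_rule()]}]

# Constructed sample: one shared group that allows all inbound traffic.
SHARED_APPS = {"app-a": "sg-all", "app-b": "sg-all"}
SHARED_GROUPS = [{"GroupId": "sg-all", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]

if __name__ == "__main__":
    print(audit_isolation(GOOD_APPS, GOOD_GROUPS))
    for finding in audit_isolation(SHARED_APPS, SHARED_GROUPS):
        print(finding)
```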