Free AWS SAA-C03 Actual Exam Questions – Solutions Architect Questions - Question 1 Discussion
consists of an internet-facing Application Load Balancer (ALB) that forwards traffic to an Auto Scaling
group of Amazon EC2 instances.
The EC2 instances must be able to access an Amazon RDS database. The company does not want to
rely solely on security groups or network ACLs. Only the minimum resources that are necessary
should be routable from the internet.
Which network design meets these requirements?
Maybe B makes the most sense since the ALB has to be internet-facing, but the EC2 and RDS should stay private to minimize exposure. A and C expose too many resources publicly, and D sounds unrealistic.
B imo. The ALB needs to be public-facing for internet traffic, while EC2 and RDS stay private to limit exposure. D sounds off since ALBs run inside VPCs, so placing it outside seems unlikely.
B/C? B makes sense since the ALB needs to be internet-facing, so it should be in a public subnet, but the EC2 instances and RDS should stay private to reduce exposure. C seems riskier because putting EC2 instances in public subnets exposes them directly to the internet, which goes against the requirement of minimal resources being routable from the internet. So, B best fits the need to limit internet exposure while allowing necessary access.
Option B, ALB public, others private keeps minimal exposure.
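The layout the comments above converge on (ALB in a public subnet, EC2 and RDS in private subnets) can be checked at the routing layer, which is what "not relying solely on security groups or network ACLs" comes down to. The sketch below is an added example, not part of the original question or thread; the route tables, subnet IDs and resource names are constructed, and it assumes a subnet is internet-routable only when its effective route table targets an internet gateway.

```python
# Added example: constructed data with hypothetical IDs, not AWS API output.
MAIN_RT = "rtb-main"
ROUTE_TABLES = {
    "rtb-main":    [("10.0.0.0/16", "local")],
    "rtb-public":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-example")],
    "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-example")],
}
# subnet -> explicitly associated route table (None = uses the VPC main table)
SUBNETS = {
    "subnet-alb-a": "rtb-public",
    "subnet-app-a": "rtb-private",
    "subnet-db-a":  None,
}

def is_public(subnet, subnets=SUBNETS, tables=ROUTE_TABLES, main=MAIN_RT):
    """True when the subnet's effective route table points at an internet
    gateway (igw-). NAT (nat-) and egress-only (eigw-) targets permit
    outbound connections only, so they do not make a subnet public."""
    table = subnets[subnet] or main
    return any(target.startswith("igw-") for _dest, target in tables[table])

def audit(placement, **kw):
    """placement: resource name -> (tier, [subnet ids]). Returns findings."""
    findings = []
    for name, (tier, subnet_ids) in placement.items():
        for s in subnet_ids:
            public = is_public(s, **kw)
            if tier == "alb" and not public:
                findings.append(f"{name}: internet-facing ALB in private subnet {s}")
            elif tier != "alb" and public:
                findings.append(f"{name}: {tier} tier is internet-routable via {s}")
    return findings

# ALB public, EC2 and RDS private.
ALB_ONLY_PUBLIC = {
    "web-alb":   ("alb", ["subnet-alb-a"]),
    "app-asg":   ("ec2", ["subnet-app-a"]),
    "orders-db": ("rds", ["subnet-db-a"]),
}
# Same design, but the Auto Scaling group is launched into the public subnet.
EC2_PUBLIC = dict(ALB_ONLY_PUBLIC, **{"app-asg": ("ec2", ["subnet-alb-a"])})

if __name__ == "__main__":
    print(audit(ALB_ONLY_PUBLIC))
    print(audit(EC2_PUBLIC))
    # Edge case: an igw route on the main table exposes unassociated subnets.
    print(audit(ALB_ONLY_PUBLIC, main="rtb-public"))
```

The last call shows why the database subnet should have an explicit private route table association: with none, it inherits whatever the main route table contains.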