ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 992 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 992
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company's software development team needs an Amazon RDS Multi-AZ cluster. The RDS cluster will serve as a backend for a desktop client that is deployed on premises. The desktop client requires direct connectivity to the RDS cluster.

The company must give the development team the ability to connect to the cluster by using the client when the team is in the office.

Which solution provides the required connectivity MOST securely?

  • A. Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office.
  • B. Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office.
  • C. Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use RDS security groups to allow the company's office IP ranges to access the cluster.
  • D. Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Create a cluster user for each developer. Use RDS security groups to allow the users to access the cluster.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by viejito at Sept. 30, 2024, 8:33 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bwhizzy
Highly Voted 6 months, 1 week ago
Selected Answer: B
The Correct Answer is B. Explanation: VPC and Private Subnets: By placing the RDS cluster in private subnets, you ensure that the RDS cluster is not publicly accessible from the internet. This significantly improves security as the database is only accessible through secure channels, not directly from the public internet. AWS Site-to-Site VPN: Using a Site-to-Site VPN establishes a secure, encrypted connection between the on-premises office and the AWS environment. This provides secure access to the RDS cluster without exposing it to the internet, ensuring that the developers can only access the cluster when connected to the office network. Customer Gateway: The customer gateway is configured in the company's office to handle the VPN connection, providing secure connectivity for the desktop client to the RDS cluster when the development team is in the office.
upvoted 6 times
...
blehbleh
Highly Voted 6 months, 2 weeks ago
Selected Answer: B
This is B site to site von adds additional security. We are going for more secure.
upvoted 6 times
...
kbgsgsgs
Most Recent 6 months, 3 weeks ago
Selected Answer: C
The goal is to limit the team to only being in the office to be in the RDS cluster, so wouldn't checking IP ranges based on the office network rather than bringing up the internet be better suited to what you really need?
upvoted 3 times
trongod05
6 months, 3 weeks ago
But if they are in private subnets, how do they connect? Can't over public internet. And there's no connection between their office and the VPC. Needs more info I think.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago