Exam ANS-C00 topic 1 question 89 discussion

B - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you don't need an internet gateway, a NAT device, or a virtual private gateway in your VPC.

B is correct. Minimal exposure.

C is correct because public Internet-facing ALB requires targets in public subnets. Thus at least web servers must be in public subnets.

for me is B,

B. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.

CD is right

It’s a web app… you can do API-ish things like path based routing and work at the level 7 layer

ALB satisfies the requirement and is less expensive than NLB.

B is correct.

Incredibly straightforward. Associate level knowledge.

B should be correct answer

Answer should be B not D

B is the correct answer

Correct answer is B

B is correct. Since it is a web application, we can go with ALB and position it in a public subnet. The web and application tier can reside on private subnets. DynamoDB is a public AWS service and hence cannot be placed inside a VPC subnet. A VPC endpoint for DynamoDB can be created and associated with the route table of the VPC so as to securely communicate with DynamoDB using private IP address.

Web application -> A & D incorrect.

Ans is B