Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 125 discussion

Answer A for: The EC2 instances and the RDS DB instance should not be exposed to the public internet. Answer D for: The EC2 instances require internet access to complete payment processing of orders through a third-party web service. Answer A for: The application must be highly available.

A and E! Application has to be highly available while the instance and database should not be exposed to the public internet, but the instances still requires access to the internet. NAT gateway has to be deployed in public subnets in this case while instances and database remain in private subnets in the VPC, therefore answer is (A) and (E). https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html If the instances did not require access to the internet, then the answer could have been (B) to use a private NAT gateway and keep it in the private subnets to communicate only to the VPCs. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

AE The goal is to create a highly available architecture with EC2 instances and RDS instances that are not exposed to the public internet, while still allowing the EC2 instances to access external services.

And A,D - keeps EC2 and RDS private and highly available, but with public front-end (Not sure why Author's highlighted answer is C?)

AD are correct ans

AE A because the EC2 can't be exposed to public E because each subnet must reside entirely within one Availability Zone and cannot span zones. source: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#:~:text=Delete%20a%20subnet-,Subnet%20basics,of%20a%20single%20Availability%20Zone.

A and D is the best combination, it achieves all of the desired requirements.

Option A ensures that EC2 instances and RDS DB instance are not exposed to the public internet, as they are launched in private subnets. Auto Scaling group will also ensure high availability of EC2 instances. Option D configures a VPC with a public subnet for the load balancer, and a private subnet for the EC2 instances and RDS DB instance. NAT gateways in both Availability Zones will allow EC2 instances to access the internet for payment processing, while keeping them private.

A and E (the second D option) .

There might be error in question. i modified it now CE answer seems to be correct A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The RDS DB instance should not be exposed to the public internet. The The RDS DB instance require internet access to complete payment processing of orders through a third-party web service. The application must be highly available. Which combination of configuration options will meet these requirements? (Choose two.)

Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets. This ensures that the EC2 instances and the RDS DB instance are not exposed to the public internet. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets. This allows the EC2 instances in private subnets to access the internet for payment processing through the NAT gateways while keeping them private.

App layer & DB Layer does not expose to Internet -> both in private subnet, access through NAT Gateway It's enough for all requirements!

AD is right , last one D

AE Two public subnets = two addresses for ALB = high availability two private subnets with NAT gateway to allow eggress traffic to internet - application tier will be able to complete payment

AE https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

AE. There are two Ds, the last option should be E.

AB. should not be exposed to the public internet => private subnet