BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C01 Topic 5 Question 26 Discussion

Actual exam question for Amazon's SCS-C01 exam
Question #: 26
Topic #: 5
[All SCS-C01 Questions]

Within a VPC, a corporation runs an Amazon RDS Multi-AZ DB instance. The database instance is connected to the internet through a NAT gateway via two subnets.

Additionally, the organization has application servers that are hosted on Amazon EC2 instances and use the RDS database. These EC2 instances have been deployed onto two more private subnets inside the same VPC. These EC2 instances connect to the internet through a default route via the same NAT gateway. Each VPC subnet has its own route table.

The organization implemented a new security requirement after a recent security examination. Never allow the database instance to connect to the internet. A security engineer must perform this update promptly without interfering with the network traffic of the application servers.

How will the security engineer be able to comply with these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

Each subnet has a route table, so modify the routing associated with DB instance subnets to prevent internet access.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel