A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?
A . Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B . Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C . Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
D . Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound
Answer: C