ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 116 - SCS-C02 discussion

Report
Export

Within a VPC, a corporation runs an Amazon RDS Multi-AZ DB instance. The database instance is connected to the internet through a NAT gateway via two subnets.

Additionally, the organization has application servers that are hosted on Amazon EC2 instances and use the RDS database. These EC2 instances have been deployed onto two more private subnets inside the same VPC. These EC2 instances connect to the internet through a default route via the same NAT gateway. Each VPC subnet has its own route table.

The organization implemented a new security requirement after a recent security examination. Never allow the database instance to connect to the internet. A security engineer must perform this update promptly without interfering with the network traffic of the application servers.

How will the security engineer be able to comply with these requirements?

A.
Remove the existing NAT gateway. Create a new NAT gateway that only the application server subnets can use.
Answers
A.
Remove the existing NAT gateway. Create a new NAT gateway that only the application server subnets can use.
B.
Configure the DB instances inbound network ACL to deny traffic from the security group ID of the NAT gateway.
Answers
B.
Configure the DB instances inbound network ACL to deny traffic from the security group ID of the NAT gateway.
C.
Modify the route tables of the DB instance subnets to remove the default route to the NAT gateway.
Answers
C.
Modify the route tables of the DB instance subnets to remove the default route to the NAT gateway.
D.
Configure the route table of the NAT gateway to deny connections to the DB instance subnets.
Answers
D.
Configure the route table of the NAT gateway to deny connections to the DB instance subnets.
Suggested answer: C

Explanation:

Each subnet has a route table, so modify the routing associated with DB instance subnets to prevent internet access.

asked 16/09/2024
Alvaro Campos
35 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first