AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 292

You are managing a VPC with 4 AZs. There is a load balancer managing the public accessibility to your servers. You have a secondary ENI with a private IPv4 address on an instance that is serving public web traffic. Your server communicates over private addresses to a database in another subnet. Security is a major concern for your company and whitelisting is in effect.
You have to bring the web server down for maintenance, what two things should you do? (Choose two.)

Answer options

• A. Reboot the instance.
• B. Move the ENI from one server to the other.
• C. Associate the new ENI with the database security group.
• D. Configure a secondary ENI on the standby instance.

Correct answer: C, D

Explanation

To ensure high availability while the primary web server is down, you must configure a secondary ENI on a standby instance to handle traffic. Because strict whitelisting is in place for database communication, you must also associate this new ENI with the database's security group to permit access. Rebooting the instance does not provide high availability during maintenance, and moving an active ENI directly can cause routing and connection issues.