AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 53

A company plans to deploy a two-tier web application to a new VPC in a single AWS Region. The company has configured the VPC with an internet gateway and four subnets. Two of the subnets are public and have default routes that point to the internet gateway. Two of the subnets are private and share a route table that does not have a default route.
The application will run on a set of Amazon EC2 instances that will be deployed behind an external Application Load Balancer. The EC2 instances must not be directly accessible from the internet. The application will use an Amazon S3 bucket in the same Region to store data. The application will invoke S3 GET API operations and S3 PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer cost.
Which solution will meet these requirements?

Answer options

Correct answer: C

Explanation

The correct answer is C because deploying the EC2 instances in private subnets and adding an S3 gateway endpoint to the private route table lets the instances reach S3 over the AWS network directly, so the S3 GET and PUT traffic never traverses the internet gateway or a NAT gateway and incurs no data transfer or NAT processing charges. The other options either place the EC2 instances in public subnets, which contradicts the requirement that they must not be directly accessible from the internet, or route the S3 traffic through NAT gateways, which does not minimize data transfer cost.