AWS Certified Solutions Architect – Associate (SAA-C02) — Question 213

A company is deploying a web portal. The company wants to ensure that only the web portion of the application is publicly accessible. To accomplish this, the
VPC was designed with two public subnets and two private subnets. The application will run on several Amazon EC2 instances in an Auto Scaling group. SSL termination must be offloaded from the EC2 instances.
What should a solutions architect do to ensure these requirements are met?

Answer options

• A. Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
• B. Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the public subnets and associate it with the Application Load Balancer.
• C. Configure the Application Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
• D. Configure the Application Load Balancer in the private subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.

Correct answer: C

Explanation

The correct answer is C because the Application Load Balancer needs to be in the public subnets to handle incoming traffic while the Auto Scaling group, which runs the EC2 instances, should be in the private subnets for security reasons. Options A and B incorrectly place the Auto Scaling group in public subnets, exposing the instances to the internet, while option D incorrectly places the Application Load Balancer in the private subnets, preventing it from being publicly accessible.