AWS Certified Solutions Architect – Associate (SAA-C03) — Question 223
A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.
Which solution meets these requirements and is MOST secure?
Answer options
- A. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
- B. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
- C. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
- D. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
Correct answer: C
Explanation
The correct answer is C because it uses a public ALB as the CloudFront origin to manage traffic while keeping the EC2 instances in private subnets, so the instances are not exposed directly to the internet. Options A and D place the EC2 instances in public subnets, exposing them to the internet, which is less secure. Option B keeps the EC2 instances in private subnets but uses the instances themselves, rather than the ALB, as the CloudFront origin, so it does not leverage the ALB for HTTPS content distribution, making it less efficient.