
Answer-first summary for fast verification
Answer:

- Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier.
- Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer's security groups.
- Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups.

## Explanation

The correct combination is **C, E, and F** because these options align with AWS Well-Architected Framework principles for security, scalability, and resiliency:

### **Option C: Correct**

- Creates a VPC across two Availability Zones for high availability
- Refactors the application into separate tiers (web, application, database), which follows best practices for separation of concerns
- Hosts each tier in its own private subnet for security isolation
- Uses Auto Scaling groups for web and application tiers for scalability

### **Option E: Correct**

- Uses Elastic Load Balancers in front of the web tier for distributing traffic and improving availability
- Controls access using security groups with references to each layer's security groups, which is a best practice for layered security

### **Option F: Correct**

- Uses Amazon RDS Multi-AZ cluster deployment for high availability and automatic failover
- Places database in private subnets for security
- Restricts database access only from application tier security groups (principle of least privilege)

### **Why other options are incorrect:**

**Option A:** Incorrect because it maintains the existing monolithic architecture instead of refactoring into separate tiers, which doesn't align with best practices for scalability and maintainability.

**Option B:** Incorrect because it suggests a single RDS database (not Multi-AZ), which lacks high availability, and doesn't address the need for refactoring the application tiers.

**Option D:** Incorrect because it suggests a single RDS database without Multi-AZ deployment, which doesn't provide the required resiliency across Availability Zones.

### **Key AWS Well-Architected Framework Principles Applied:**

1. **Reliability**: Multi-AZ deployment, Auto Scaling, Load Balancers
2. **Security**: Private subnets, security groups, least privilege access
3. **Performance Efficiency**: Separate tiers, Auto Scaling
4. **Cost Optimization**: Proper resource allocation by tier
5. **Operational Excellence**: Structured architecture with clear separation of concerns

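
The security group chaining in options E and F can be checked mechanically. The following is an added example, not part of the original explanation: it audits ingress rules shaped like EC2 `DescribeSecurityGroups` output and flags any tier that accepts traffic from a CIDR range or from a group other than the tier directly in front of it. The group IDs, ports, CIDR block, `rule` helper and `ALLOWED_SOURCE` mapping are constructed assumptions.

```python
# Constructed sample shaped like EC2 DescribeSecurityGroups output.
# Group IDs, ports and CIDR blocks are placeholders, not values from the page.
def rule(port, groups=(), cidrs=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": g} for g in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

SAMPLE_GROUPS = [
    {"GroupId": "sg-alb", "IpPermissions": [rule(443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(8080, groups=["sg-alb"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(8443, groups=["sg-web"])]},
    # Database tier: one correct rule plus a broad CIDR rule that bypasses
    # the application tier restriction.
    {"GroupId": "sg-db", "IpPermissions": [rule(5432, groups=["sg-app"]),
                                           rule(5432, cidrs=["10.0.0.0/16"])]},
]

# Assumed tier chain: each group may accept traffic only from the group in front.
ALLOWED_SOURCE = {"sg-web": "sg-alb", "sg-app": "sg-web", "sg-db": "sg-app"}

def audit(groups, allowed_source):
    """Return (group, port, reason) for every ingress rule that breaks the chain."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        expected = allowed_source.get(gid)
        if expected is None:
            continue  # not a chained tier, e.g. the internet-facing load balancer
        for perm in group.get("IpPermissions", []):
            port = perm.get("FromPort", "all")  # absent when IpProtocol is "-1"
            for rng in perm.get("IpRanges", []):
                findings.append((gid, port, "CIDR source " + rng["CidrIp"]))
            for rng in perm.get("Ipv6Ranges", []):
                findings.append((gid, port, "CIDR source " + rng["CidrIpv6"]))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != expected:
                    findings.append((gid, port, "unexpected group " + pair["GroupId"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS, ALLOWED_SOURCE):
        print(finding)
```
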
Author: LeetQuiz Editorial Team
A company has a three-tier web application that is in a single server. The company wants to migrate the application to the AWS Cloud. The company also wants the application to align with the AWS Well-Architected Framework and to be consistent with AWS recommended best practices for security, scalability, and resiliency.
Which combination of solutions will meet these requirements? (Choose three.)
A
Create a VPC across two Availability Zones with the application's existing architecture. Host the application with existing architecture on an Amazon EC2 instance in a private subnet in each Availability Zone with EC2 Auto Scaling groups. Secure the EC2 instance with security groups and network access control lists (network ACLs).
B
Set up security groups and network access control lists (network ACLs) to control access to the database layer. Set up a single Amazon RDS database in a private subnet.
C
Create a VPC across two Availability Zones. Refactor the application to host the web tier, application tier, and database tier. Host each tier on its own private subnet with Auto Scaling groups for the web tier and application tier.
D
Use a single Amazon RDS database. Allow database access only from the application tier security group.
E
Use Elastic Load Balancers in front of the web tier. Control access by using security groups containing references to each layer's security groups.
F
Use an Amazon RDS database Multi-AZ cluster deployment in private subnets. Allow database access only from application tier security groups.