A Quick Review to Design Secure Applications and Architectures
Part 3: Design Secure Applications and Architectures (24% of exam)
- Design secure access to AWS resources.
- Design secure Application tiers.
- Design appropriate Data Security.
1. EC2 instances with IPv4 addresses are launched in a private subnet.
Which AWS service can provide a highly available solution to safely fetch software patches from the Internet while preventing outside networks from initiating a connection?
NAT Gateway — an AWS-managed NAT service with high availability and bandwidth; IPv4 supported.
2. A company launched an EC2 instance in a private subnet that uses IPv6. Because of the financial data that the server contains, the system should be secured to prevent any unauthorized access and to meet regulatory compliance requirements.
In this scenario, which VPC feature allows the EC2 instance to communicate with the Internet but prevents inbound traffic?
Egress-only Internet Gateway — a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in…