- An Application Load Balancer, an internet gateway and a NAT gateway are configured in the pubic subnet.
- Database, application, and web servers are configured on three different private subnets.
- The VPC has two route tables: one for the public subnet and one for all other subnets. The route table for the public subnet has a 0.0.0.0/0 route to the internet gateway. The route table for all other subnets has a 0.0.0.0/0 route to the NAT gateway. All private subnets can route to each other.
- Each subnet has a network ACL implemented that limits all inbound and outbound connectivity to only the required ports and protocols.
- There are 3 Security Groups (SGs): database, application, and web. Each group limits all inbound and outbound connectivity to the minimum required.
Which of the following accurately reflects the access control mechanisms the Architect should verify?
A. Outbound SG configuration on database servers
Inbound SG configuration on application servers
Inbound and outbound network ACL configuration on the database subnet
Inbound and outbound network ACL configuration on the application server subnet
B. Inbound SG configuration on database servers
Outbound SG configuration on application servers
Inbound and outbound network ACL configuration on the database subnet
Inbound and outbound network ACL configuration on the application server subnet
C. Inbound and outbound SG configuration on database servers
Inbound and outbound SG configuration on application servers
Inbound network ACL configuration on the database subnet
Outbound network ACL configuration on the application server subnet
D. Inbound SG configuration on database servers
Outbound SG configuration on application servers
Inbound network ACL configuration on the database subnet
Outbound network ACL configuration on the application server subnet