The optimal setup for persistence and security that meets the above requirements would be the following.

Your team has a Tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis. Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC. The optimal setup for persistence and security that meets the above requirements would be the following.
A. Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
B. Create your RDS instance separately and add its IP address to your application’s DB connection strings in your code. Alter its security group to allow access to it from hosts within your VPC’s IP address block.
C. Create your RDS instance separately and pass its DNS name to your app’s DB connection string as an environment variable. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
D. Create your RDS instance separately and pass its DNS name to your DB connection string as an environment variable. Alter its security group to allow access to it from hosts in your application subnets.


3 thoughts on “The optimal setup for persistence and security that meets the above requirements would be the following.”

  1. It can’t be A because the scenario specifically requires persistence. According to http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html “A database instance that is part of your environment is tied to the lifecycle of your environment. If you terminate the environment, the database instance is terminated as well. An integrated database instance also cannot be removed from your environment once added.”

    It can’t be B because we never have access to the IP address of any RDS instance.

    C & D are very similar except that the scenario requirements specifically state that optimal security should be applied.

    It can’t be D because RDS is opened to all “hosts in your application subnets” where C only opens RDS to specific client machines in a specific security group.

    C is the correct answer.
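
The difference between options C and D, as an added CloudFormation example that is not part of the original question or comment. The resource names, the port (3306, assuming a MySQL engine, which the question does not specify) and the subnet CIDR are assumptions:

```yaml
# Added example: names, port and CIDR are assumptions, not from the page.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id

Resources:
  # Attached to every machine allowed to reach the database:
  # the Beanstalk instances and the other teams' EC2 instances.
  DbClientSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Members may connect to the shared RDS instance
      VpcId: !Ref VpcId

  # Attached to the RDS instance itself.
  DbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group of the RDS instance
      VpcId: !Ref VpcId

  # Option C: the traffic source is a security group, so only
  # instances that are members of DbClientSg can reach the database.
  DbIngressFromClients:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt DbSg.GroupId
      IpProtocol: tcp
      FromPort: 3306   # assumed MySQL port; the question names no engine
      ToPort: 3306
      SourceSecurityGroupId: !GetAtt DbClientSg.GroupId

  # Option D, shown commented out for comparison: the source is a
  # subnet range, so every host placed in that subnet can connect,
  # whether or not it needs the data.
  # DbIngressFromSubnet:
  #   Type: AWS::EC2::SecurityGroupIngress
  #   Properties:
  #     GroupId: !GetAtt DbSg.GroupId
  #     IpProtocol: tcp
  #     FromPort: 3306
  #     ToPort: 3306
  #     CidrIp: 10.0.1.0/24   # constructed application subnet CIDR
```

Granting or revoking database access under option C is a matter of adding or removing an instance's membership in the client group; the rule on the RDS security group never changes.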
