CertNova
Network Diagram PBQs: AWS Certified Advanced Networking - Specialty (ANS-C01)

Difficulty: easy

Question 1 of 3

You are designing a basic multi-tier VPC architecture for a production workload. The VPC has three subnets: a Public Subnet for internet-facing resources, a Private Subnet for application workloads that require outbound internet access but no inbound, and a Data Subnet for database instances that must remain fully isolated. An Internet Gateway and a web-tier load balancer are already deployed. Assign the remaining networking and compute resources to the correct subnets based on standard AWS VPC design patterns.

Network Topology

Public Subnet

Internet-facing — IGW, ALB, NAT Gateway, bastion hosts

Internet Gateway (already deployed)
Application Load Balancer (already deployed)

Private Subnet

Application servers, ECS tasks, outbound-only internet via NAT

Data Subnet

RDS instances, ElastiCache, no internet access

Available Devices

Drag devices into the correct network zone above

NAT Gateway
EC2 Application Server
RDS PostgreSQL Instance