CertNova

Network Diagram PBQs: AWS Certified Solutions Architect - Associate (SAA-C03)

easy

Question 1 of 3

You are a solutions architect designing a standard three-tier VPC for a web application. The VPC has three subnets: a Public Subnet for internet-facing resources, a Private Subnet for application logic that should not be directly reachable from the internet, and a Data Subnet for database instances that must be fully isolated. An Internet Gateway and a web server are already in place. Assign the remaining AWS resources to the correct subnets based on their roles and the principle of least privilege network access.

Network Topology

Public Subnet

Internet-facing resources — ALB, NAT Gateway, bastion hosts

Internet Gateway (locked, already in place)
EC2 Web Server (locked, already in place)

Private Subnet

Application servers, containers, internal services

Data Subnet

RDS instances, ElastiCache clusters, isolated data stores

Available Devices

Drag devices into the correct network zone above

NAT Gateway
Application Server
RDS MySQL Instance
