Administrator, May 5, 2020 at 9:23 am
Thank you for sharing your thoughts on this scenario. As requested, I have added the following paragraph in the explanation:
In this scenario, the web servers are hosted in public subnets behind a public-facing Application Load Balancer while the application servers are hosted in private subnets. To better protect your web servers against direct attacks, you can migrate your servers to private subnets and then remove any attached public IP or Elastic IP addresses. The public-facing Application Load Balancer can route the traffic to these web servers hosted in private subnets. This will also significantly reduce the attack surface of your cloud infrastructure.
This will be reflected in our practice tests soon. Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Jon Bonso @ Tutorials Dojo
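One way to check that the migration described above is complete, as an added example that is not part of the original comment or of Tutorials Dojo's material: it flags web servers that still hold a public IP or still sit in a subnet routed to an internet gateway. The input is constructed sample data shaped like boto3 `describe_route_tables` and `describe_instances` responses; all IDs and the address are made up.

```python
# Added example. Assumption: only explicit subnet associations and the IPv4
# default route are checked; the VPC main route table and ::/0 are not handled.

def public_subnet_ids(route_tables):
    """Subnets whose route table sends 0.0.0.0/0 to an internet gateway."""
    public = set()
    for rt in route_tables:
        to_igw = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("GatewayId", "").startswith("igw-")
            for r in rt.get("Routes", [])
        )
        if to_igw:
            public.update(a["SubnetId"] for a in rt.get("Associations", [])
                          if "SubnetId" in a)
    return public

def audit_web_servers(reservations, route_tables):
    """Return {instance_id: [findings]} for instances still directly reachable."""
    public = public_subnet_ids(route_tables)
    findings = {}
    for res in reservations:
        for inst in res["Instances"]:
            issues = []
            if inst.get("PublicIpAddress"):
                issues.append("has public IP " + inst["PublicIpAddress"])
            if inst.get("SubnetId") in public:
                issues.append("in public subnet " + inst["SubnetId"])
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings

# Constructed sample data (hypothetical IDs, documentation-range IP address).
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-public-a"}]},
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-private-a"}]},
]
RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-web-old", "SubnetId": "subnet-public-a",
     "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-web-new", "SubnetId": "subnet-private-a"},
]}]

if __name__ == "__main__":
    for instance_id, issues in audit_web_servers(RESERVATIONS, ROUTE_TABLES).items():
        print(instance_id, "->", "; ".join(issues))
```

An empty result means every listed web server is reachable only through the load balancer's path, under the assumptions stated in the code comment.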