AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A Solutions Architect is designing a network infrastructure for an application that must maintain high availability. The VPC has a public and a private subnet. Instances in the private subnet must communicate with the Internet to receive updates. These instances should not be accessible from the Internet. Which routing action should the Architect take to meet these requirements?
Attach an Internet Gateway to the private subnet's route table to enable direct communication with the Internet.
Attach a virtual private gateway to the private subnet's route table to enable instances to communicate with the Internet securely.
Create a Network Access Control List (ACL) with rules to allow outbound Internet traffic and deny inbound traffic for the private subnet.
Create a NAT Gateway in the public subnet and update the private subnet's route table to route Internet-bound traffic to the NAT Gateway.
Creating a NAT Gateway in the public subnet and updating the private subnet's route table to route Internet-bound traffic to the NAT Gateway allows instances in the private subnet to initiate outbound Internet traffic without allowing inbound traffic from the Internet. The other options do not meet the requirements: a virtual private gateway is used to establish VPN connections, an Internet Gateway would expose the instances directly to the Internet, and a Network ACL does not route traffic; it only controls traffic flow.