A company has a VPC with public and private subnets. Instances in the private subnet need to access the internet to download software patches. The company wants to implement this securely and cost-effectively, ensuring the instances cannot receive inbound connections from the internet. <br/><br/>What is the BEST solution?

Answer options:

Attach an Internet Gateway to the private subnet.

Deploy a NAT Gateway in the public subnet and update the private subnet route table to point to it.

Deploy an Egress-Only Internet Gateway.

Use AWS PrivateLink to connect to the software patch repositories.

How to approach this question

Identify the standard component for outbound IPv4 internet access from a private subnet.

Full Answer

B.Deploy a NAT Gateway in the public subnet and update the private subnet route table to point to it.✓ Correct

A NAT Gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Common mistakes

Choosing Egress-Only Internet Gateway, which is exclusively for IPv6.

Question 63 All questions Question 65

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...Easy Q03A company is designing a web application that will be hosted on AWS. The application will use an ...Medium Q04A company is building a mobile app that requires users to authenticate using their social media a...Hard Q05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium

View all 65 questions →