Medium · 1 mark · Multiple Choice
AWS SAA-C03 · Question 09 · Domain 1.2: Secure Workloads
A solutions architect is designing a VPC for a multi-tier application. The database tier must be completely isolated from the internet, but the EC2 instances in the database tier need to download software patches from external repositories. Which TWO components are required to meet these needs? (Select TWO.)
Answer options:
A. An Internet Gateway attached to the database subnet
B. A NAT gateway in a public subnet
C. A route in the database subnet's route table pointing to the NAT gateway
D. An egress-only internet gateway in the database subnet
E. A VPC endpoint for the external repository
How to approach this question
Understand how private subnets access the internet. They need a NAT Gateway in a public subnet and a route table entry.
Full Answer
B. A NAT gateway in a public subnet
C. A route in the database subnet's route table pointing to the NAT gateway
To give private instances internet access for patches without allowing inbound connections, you place a NAT Gateway in a public subnet and route the private subnet's internet traffic to it.
Common mistakes
Selecting an Internet Gateway, which would make the database subnet public.