Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 101 discussion

A company has an Amazon EC2 instance running on a private subnet that needs to access a public website to download patches and updates. The company does not want external websites to see the EC2 instance IP address or initiate connections to it.
How can a solutions architect achieve this objective?

  • A. Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed.
  • B. Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.
  • C. Create a network ACL for the private subnet where the EC2 instance is deployed that only allows access from the IP address range of the public website.
  • D. Create a security group that only allows connections from the IP address range of the public website. Attach the security group to the EC2 instance.
Suggested Answer: B

Comments

Paitan
Highly Voted 3 years, 8 months ago
Typical requirement for NAT Gateway. So answer is B.
upvoted 39 times
aguy9
3 years, 8 months ago
I agree, answer is B
upvoted 3 times
...
...
josebormo
Highly Voted 3 years, 8 months ago
I agree it is B
upvoted 12 times
...
bora4motion
Most Recent 2 years, 10 months ago
Selected Answer: B
Correct is B
upvoted 1 times
...
gondohwe
3 years, 5 months ago
NAT Gateway makes sense because your instances in the private subnet will have a route pointing to it, thus allowing them to access the internet for new patches or whatever. But bear in mind that a NAT gateway doesn't allow connections to be initiated from outside to the instances, so answer B is suitable from a security perspective.
upvoted 1 times
...
muhsin
3 years, 5 months ago
To connect to the internet, yes, we need to have a NAT Gateway. But the question is not about it. It is about how we can avoid internet traffic coming to EC2 other than update/patch etc., so the answer is D.
upvoted 1 times
...
georgebab
3 years, 7 months ago
Answer is B ---> A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
upvoted 5 times
...
simran_kaur_simmi
3 years, 7 months ago
B for sure
upvoted 1 times
...
nickname20212021
3 years, 7 months ago
Passed the exam on 26th June, this question was on my test.
upvoted 3 times
...
MDNowfal
3 years, 7 months ago
BBBBBBBBBBBBBBBBB
upvoted 2 times
...
jkwek
3 years, 7 months ago
Answer is B. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
upvoted 2 times
...
jkwek
3 years, 7 months ago
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
upvoted 1 times
...
syu31svc
3 years, 7 months ago
"The company does not want external websites to see the EC2 instance IP address or initiate connections to it" B is the answer
upvoted 2 times
...
KK_uniq
3 years, 7 months ago
B for sure
upvoted 1 times
...
mryala
3 years, 7 months ago
it's B
upvoted 1 times
...
Ankitrathi85
3 years, 7 months ago
B right
upvoted 1 times
...
AwsNewPeople
3 years, 7 months ago
BBBBBBBB
upvoted 1 times
...
arunchu
3 years, 7 months ago
B is the answer
upvoted 1 times
...