Exam ANS-C00 topic 1 question 144 discussion

A This information must not traverse the public internet. upload information to an S3 bucket. ----> S3 endpoint You must also be able to update the instances. -------> NAT

We don't know what AMI is being used. Even with AL2 AMI the EC2s might need to use EPEL repo.

Answer is A, for Internet access to update and for S3 Access to use endpoint

Having read the link sapien45 posted and the question mentions Amazon AMIs it looks to me like the best answer is B, its simpler, doesn't incur cost of NAT gateway.

Because the instances need to be updated via Internet.

B is correct, no need internet access for yum update on amazon linux. all go thru AWS internal repos.

The EC2 Instances need to be updated using NAT Gateway.

B it is. Verify that your EC2 instance has access to Amazon Linux repositories using one of the following options Your instance is in a public or private subnet with an S3 VPC endpoint https://aws.amazon.com/premiumsupport/knowledge-center/ec2-troubleshoot-yum-errors-al1-al2/

I agree with mark_232323 - B

Answer is B, Amazon Linux repositories are hosted in Amazon Simple Storage Service (Amazon S3) buckets. To update and install packages on your instance without an internet connection, create an S3 Amazon Virtual Private Cloud (Amazon VPC) gateway endpoint. In the S3 VPC gateway endpoint, include a policy that allows access to the repositories buckets. Then, associate the VPC endpoint with the routing table of your instance subnet. https://aws.amazon.com/premiumsupport/knowledge-center/ec2-al1-al2-update-yum-without-internet/

A would be the answer, you need the S3 endpoint to communicate internally to S3, but you need the NAT to update the instances to the Internet.

A is Correct. 2 Things you MUST make possible... A=Upload to S3 without traversing the internet...S3 Endpoint. B=Must be able to update your EC2, this means you require Internet Access..therefore NAT. Your EC2 instance could be a Windows machine, Linux or anything at all, you will simply need internet access. S3 endpoint is not magically going to give you ability to do windows updates, neither are there lunux repos in the s3 infrastructure!

My ans is B. If you uploaded info to S3 then you only need to change your repo params to select source from S3. We dont need NAT and Internet cnx at all

I think A is correct, as there are 2 things, 1. This (S3) information must not traverse the public internet. --> S3 endpoint 2. You must also be able to update the instances --> NAT

S3 endpoint and PrivateLink, not NAT

I agree with ArekD. B is more likely to be the correct answer

If you using a Nat you are traversing the Internet, where the endpoint uses AWS backbone