Exam AWS-SysOps topic 1 question 672 discussion

NAT gateway always attached to Public subnet, not private. AD should be correct

why not ad

According to the chat GPT answer is A and D Configure NAT Gateway: The SysOps Administrator can set up a NAT Gateway in a public subnet to route traffic from the private subnet to the internet. This will enable EC2 instances to automatically update themselves and access the internet securely. Configure a Bastion Host: A Bastion Host can be used to allow remote access to EC2 instances in a private subnet. The SysOps Administrator can set up a Bastion Host in a public subnet, which acts as a jump server to access EC2 instances in the private subnet. The Bastion Host can be configured with a secure SSH connection

B and E are correct. A is wrong. Bastion host lbs belong in the public subnet and have access in the private subnet. This the whole point of bastion hosts. B. Is correct. C is wrong and just a silly option. D is wrong, you already have IGW in public subnet giving internet access to your entire VPC, you use NAT gateway in private subnet with IGW as its default route. E is correct, route tables must reflect that 0.0.0.0/0 traffic is forwarded to IGW.

A | D are the answers You should add a bastion host (A) on the public subnet, so you can log into it and then get access to the DB, then add a NAT gateway (D) so the server can send responses to internet

A. Set up a bastion host in a public subnet, and configure security groups and route tables accordingly. D. Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly. Seem correct

A & D as bots nat gateway and bastion host are in public subnet

A and D. Note Nat Gateway is associated with the private subnet but it is placed in the public subnet.

I'll go with A,D

> A & D

A. Set up a bastion host in a public subnet, and configure security groups and route tables accordingly. D. Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly. Correct answer A & D.

A and D are the right answers. Both Bastion host and NAT gateway should be placed in a public subnet. "Bastion hosts are "instances that sit within your public subnet and are typically accessed using SSH or RDP". For those who were thinking of E as a good answer: "Use a NAT gateway in a public VPC subnet to enable outbound internet traffic from instances in a private subnet."

A and D are the right answers. Both Bastion host and NAT gateway should be placed in a public subnet. "Bastion hosts are "instances that sit within your public subnet and are typically accessed using SSH or RDP". For those who were thinking of E as a good answer: "Use a NAT gateway in a public VPC subnet to enable outbound internet traffic from instances in a private subnet."

AD is the ans

A AND E

A and D are valid answers.

Nevermind it is A and D. Subnet associated with nat gateway is classified as a public subnet with outbound internet connection.