Exam AWS-SysOps topic 1 question 905 discussion

Exam question from Amazon's AWS-SysOps
Question #: 905
Topic #: 1

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

  • A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
  • B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
  • C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
  • D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
Suggested Answer: C 🗳️

Comments

binhdt2611
Highly Voted 2 years, 6 months ago
A is the answer - assign an Elastic IP address to the NAT gateway when you create it. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. The Elastic IP address cannot be changed after you associate it with the NAT gateway. After you've created a NAT gateway, you must update the route table associated with one or more of your private subnets to point internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the internet.
https://medium.com/@gboyegadada/aws-how-to-create-a-static-ip-address-using-a-nat-gateway-845c884aa4bd
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
upvoted 11 times
...
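A check for the setup the comment above describes, as an added example that is not part of the original comment: it reads data shaped like the EC2 DescribeRouteTables and DescribeNatGateways responses and reports which build subnets send internet-bound traffic through a NAT gateway and from which address. The subnet, route table and gateway IDs and the 203.0.113.10 address are constructed sample values.

```python
# Constructed sample data in the shape of the EC2 DescribeRouteTables and
# DescribeNatGateways responses. All IDs and addresses are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": True}, {"SubnetId": "subnet-build-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-build-c"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]


def default_target(table):
    """Return the gateway that the table's 0.0.0.0/0 route points to, if any."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def egress_report(build_subnets, route_tables, nat_gateways):
    """Return (sorted NAT egress IPs, findings) for the given build subnets."""
    nat_ips = {n["NatGatewayId"]: [a["PublicIp"] for a in n["NatGatewayAddresses"]
                                   if "PublicIp" in a] for n in nat_gateways}
    explicit, main_target = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_target = default_target(table)  # used by unassociated subnets
            if "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = default_target(table)
    ips, findings = set(), []
    for subnet in build_subnets:
        target = explicit.get(subnet, main_target)
        if target is None:
            findings.append(f"{subnet}: no default route")
        elif target.startswith("nat-"):
            ips.update(nat_ips.get(target, []))
        else:
            findings.append(f"{subnet}: default route via {target}, not a NAT gateway")
    if len(ips) > 1:
        findings.append(f"multiple egress IPs: {sorted(ips)}")
    return sorted(ips), findings


if __name__ == "__main__":
    print(egress_report(["subnet-build-a", "subnet-build-b", "subnet-build-c"],
                        ROUTE_TABLES, NAT_GATEWAYS))
```

An empty findings list with exactly one address means every listed subnet egresses from the single IP that would be given to the third-party service.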
albert_kuo
Most Recent 9 months, 1 week ago
Selected Answer: A
By moving all of the EC2 instances behind a NAT (Network Address Translation) gateway, all outgoing traffic from the instances will appear to come from the NAT gateway's public IP address. This effectively makes all build uploads originate from the same IP address, which aligns with the strict IP whitelisting requirement of the third-party service.
upvoted 1 times
...
gulu73
1 year, 2 months ago
Selected Answer: A
A is the answer
upvoted 1 times
...
Cyril_the_Squirl
2 years, 5 months ago
A is correct. NAT gateway has an option to attach an EIP on creation and you can see it. Yes, NAT hides the internal IP addresses, but it doesn't mean bidirectional communication is not possible; every known IP network uses NAT. The point of it, though, is that the internet sources cannot initiate a session. Gateways are designed to be stateful, therefore as long as the connection is initiated from inside your VPC, it will be bidirectional. There is no way to attach an EIP to an IGW, therefore making A the correct answer.
upvoted 1 times
...
Pupina
2 years, 6 months ago
B - For me the answer is an IGW. NAT is for outbound only. IGW: Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address). https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
upvoted 1 times
...
fuzzth
2 years, 6 months ago
A is the answer, no need to use IGW.
upvoted 3 times
...
TroyMcLure
2 years, 6 months ago
Correct Answer: A. The NAT GW's public IP address would comply with this requirement.
upvoted 1 times
...
RicardoD
2 years, 6 months ago
A is the answer; use the NAT IP as the whitelisted one.
upvoted 2 times
...
krishna2812
2 years, 7 months ago
It should be B, the IG IP address.
upvoted 2 times
Drey
2 years, 6 months ago
Why? Can I have references? Thanks.
upvoted 1 times
...
AMohanty
2 years, 5 months ago
A. Just using an IGW cannot ensure all requests come from a single IP. Plus, you will be putting all EC2 instances behind a NAT GW and directing the NAT GW traffic onto an IGW.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other