Exam AWS Certified SysOps Administrator - Associate topic 1 question 156 discussion

IPv6 address are public by default therefor they are accessible from the internet. If you want an IPv6 instance to have access to the internet but not accessible from the internet you should use an IPv6 egress-only internet gateway. Then add a route in the route table to point internet traffic, ::/0 to the egress-only internet gateway. https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

IPv6 only (egress) : Internet G/W IPv4 only (ingress) : NAT G/w

Egress-only internet gateway basics IPv6 addresses are globally unique, and are therefore public by default. If you want your instance to be able to access the internet, but you want to prevent resources on the internet from initiating communication with your instance, you can use an egress-only internet gateway. To do this, create an egress-only internet gateway in your VPC, and then add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 address to the egress-only internet gateway. IPv6 traffic in the subnet that's associated with the route table is routed to the egress-only internet gateway. An egress-only internet gateway is stateful: it forwards traffic from the instances in the subnet to the internet or other AWS services, and then sends the response back to the instances.

Answer is C https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

NAT Gateways are primarily used for IPv4 traffic and not IPv6

C. egress-only internet gateway

ccccccc

ingress iP v4 only egress iP v6 only /// one way connection to internet without being exposed

egress-only internet gateway

IPV6 needs an internet-only gateway

Ans is C Only egress-only internet gateway can be used to let instance go to internet without being exposed