ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 169 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 169
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the administrator add to the route tables?

  • A. Route ::/0 traffic to a NAT gateway
  • B. Route ::/0 traffic to an internet gateway
  • C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
  • D. Route ::/0 traffic to an egress-only internet gateway
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Liongeek at Nov. 16, 2022, 10:12 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tyfta6
Highly Voted 2 years, 6 months ago
Selected Answer: D
Vote for D IPV4 = NAT Instance/Gateway | 0.0.0.0 IPV6 = Egress-Only Internet Gateway | ::/0
upvoted 9 times
...
Liongeek
Highly Voted 2 years, 7 months ago
Ans: D Ref: https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
upvoted 6 times
...
r2c3po
Most Recent 1 year, 5 months ago
Selected Answer: B
B. Route ::/0 traffic to an internet gateway To enable IPv6 traffic from an Amazon VPC to the internet, you need to add a default route (::/0) pointing to an internet gateway in the VPC's route table. This allows outbound traffic to reach the internet. This route configuration allows all IPv6 traffic (::/0) to be directed to the internet gateway, enabling communication with the internet. # Option A is incorrect because using a NAT gateway is typically for IPv4 traffic and is not applicable for IPv6. # Options C and D are not relevant for enabling outbound internet access in an IPv6-enabled VPC. Egress-only internet gateways are used for allowing outbound traffic initiated by resources in the VPC to reach the internet, but they are not used for incoming traffic from the internet.
upvoted 1 times
Aamee
9 months ago
It's def. not 'B'. Read the question one more time. The VPC traffic only needs to communicate with the IGW and not vice versa. Therefore , D is correct considering the scenario discussed in this question IMO.
upvoted 1 times
...
...
Christina666
1 year, 10 months ago
Selected Answer: D
IPv6 addresses are globally unique, and are therefore public by default. If you want your instance to be able to access the internet, but you want to prevent resources on the internet from initiating communication with your instance, you can use an egress-only internet gateway. To do this, create an egress-only internet gateway in your VPC, and then add a route to your route table that points all IPv6 traffic (::/0) or a specific range of IPv6 address to the egress-only internet gateway. IPv6 traffic in the subnet that's associated with the route table is routed to the egress-only internet gateway.
upvoted 4 times
...
Boul
1 year, 11 months ago
It cannot be B, since access from the internet must be prohibited
upvoted 2 times
...
Cagarrieres
2 years, 2 months ago
Ddddddddddd
upvoted 1 times
...
skiwili
2 years, 5 months ago
Selected Answer: D
Dddddddd
upvoted 4 times
...
michaldavid
2 years, 6 months ago
Selected Answer: D
ddddddd
upvoted 1 times
...
Xelnak
2 years, 7 months ago
Selected Answer: B
B. Route ::/0 traffic to an internet gateway NOT D because egress-only-internet-gateway is for accessing internet from private subnet
upvoted 2 times
beznika
2 years, 6 months ago
It says that access from the internet is prohibited. So the only option correct here is D.
upvoted 2 times
...
jtz31
2 years, 6 months ago
For me it's D. We don't know if we try to access from private or public net, right?
upvoted 1 times
Aamee
9 months ago
The question doesn't state specifically about either public or private subnets here. It clearly states this "access from the internet towards the VPC is prohibited". That means the traffice from VPC need to communicate with IGW to the internet via an egress route option only and not vice versa. Therefore D is absolutely satisfying this requirement.
upvoted 1 times
...
...
fig
1 year, 7 months ago
IPv6 is Public by nature... So it is D
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel