ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_PBC-6.4 All Questions

View all questions & answers for the NSE7_PBC-6.4 exam
Go to Exam

Exam NSE7_PBC-6.4 topic 1 question 13 discussion

Actual exam question from Fortinet's NSE7_PBC-6.4
Question #: 13
Topic #: 1
[All NSE7_PBC-6.4 Questions]


Refer to the exhibit. In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an
EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.
  • B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • C. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
  • D. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by kinge2 at July 18, 2022, 10:41 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
charruco
2 years, 4 months ago
Selected Answer: D
D is correct Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
upvoted 1 times
...
mordechayd
2 years, 6 months ago
D. you must put the Nat Gateway (NGW) on subnet with defult route to IGW and after that route the traffic from private subnet to the NGW , The nat gateway forward the traffic to IGW
upvoted 2 times
...
tachy_22
2 years, 9 months ago
I agree, D is correct.
upvoted 2 times
...
kinge2
2 years, 9 months ago
D is correct as per the study guide page 72 - AWS NAT gateway allows instances in a private subnet to connect to the internet or other AWS services without using NAT instance. the main routing table sends internet traffic from the private subnet instances to the NAT gateway, then NAT gateway sends traffic ti the IGW using the source IP address of the elastic IP address.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago