AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 187
You have a management server that needs to be able to communicate with two subnets. One of these subnets is private. This subnet must remain private and must not pass any traffic back to other subnets.
How would you configure this?
Answer options
- A. Configure a NACL to allow access from the management server to the private server.
- B. Add an ENI to the management server that resides in the subnet of the private server.
- C. You can't do this without allowing traffic back through the other subnet.
- D. Configure a security group rule to allow access from the management server to the private server.
Correct answer: B
Explanation
The correct answer is B: adding an ENI (Elastic Network Interface) that resides in the private server's subnet lets the management server communicate with the private server directly, without exposing that subnet to other subnets. Option A only allows access and does not ensure isolation. Option C incorrectly states that it cannot be done. Option D relies on a security group rule, which does not provide the interface in the private subnet that this configuration needs.