AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 252
Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6 addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances. Outbound traffic is required for updates. What are two options to alleviate your company's concerns? (Choose two.)
Answer options
- A. Remove any rules allowing ::/0 inbound in the security group.
- B. Block ::/0 inbound in the NACL.
- C. Create an egress-only internet gateway.
- D. Block 0.0.0.0/0 inbound in the NACL.
Correct answer: A, C
Explanation
Option A is correct because removing rules that allow inbound traffic from ::/0 enhances security by preventing unwanted access to instances. Option C is also correct since an egress-only internet gateway enables outbound traffic for IPv6 instances while preventing inbound traffic, addressing the security concern. Option B is not correct because it does not directly address the concerns related to IPv6 traffic. Option D is not correct because 0.0.0.0/0 is an IPv4 range, and IPv4 traffic is not the primary issue in this scenario.