AWS Certified Cloud Practitioner (CLF-C02) — Question 178
A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance.
Which AWS managed service allows this?
Answer options
- A. VPC endpoint
- B. NAT gateway
- C. Amazon PrivateLink
- D. VPC peering
Correct answer: B
Explanation
The correct answer is B, NAT gateway: it lets instances in a private subnet initiate outbound connections to the internet while preventing connections from the internet from reaching those instances. Options A, C, and D do not provide this functionality: a VPC endpoint is for private connectivity, Amazon PrivateLink facilitates private service access, and VPC peering is used for connecting two VPCs.