AWS Certified Cloud Practitioner (CLF-C02) — Question 495

Which component must be attached to a VPC to enable inbound internet access?

Answer options

• A. NAT gateway
• B. VPC endpoint
• C. VPN connection
• D. Internet gateway

Correct answer: D

Explanation

An Internet gateway is required to allow bi-directional (inbound and outbound) traffic between a VPC and the public internet. Conversely, a NAT gateway only supports outbound-initiated connections from private subnets, while VPC endpoints and VPN connections are used for private AWS service access and secure on-premises connectivity, respectively.