AWS Certified Cloud Practitioner — Question 866

A company is running Amazon EC2 instances in a private subnet in a VPC.

Which AWS service or feature can provide the EC2 instances with network connections to the internet?

Answer options

• A. Gateway endpoint
• B. NAT gateway
• C. Network Load Balancer
• D. Amazon Route 53

Correct answer: B

Explanation

A NAT gateway allows Amazon EC2 instances in a private subnet to connect to the internet for outbound traffic while preventing the internet from initiating inbound connections. Gateway endpoints are designed for private connections to Amazon S3 and DynamoDB, not general internet access. Network Load Balancers distribute incoming traffic, and Amazon Route 53 is a DNS service, neither of which enables outbound internet connectivity for private instances.