AWS Certified Solutions Architect – Professional — Question 152

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?

Answer options

• A. The source/destination checks should be disabled on the NAT instance.
• B. The NAT instance should be launched in public subnet.
• C. The NAT instance should be configured with a public IP address.
• D. The NAT instance should be configured with an elastic IP address.

Correct answer: A

Explanation

Disabling source/destination checks on the NAT instance is necessary because NAT instances require the ability to route traffic that is not directly intended for them. The other options do not address the core requirement of modifying the source/destination checks and may not be necessary depending on the specific configurations of the VPC and NAT instance.