AWS Certified Solutions Architect – Professional — Question 80
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet, you modify your route tables to have the NAT device be the target of internet-bound traffic of your private subnet. When you try to make an outbound connection to the internet from an instance in the private subnet, you are not successful.
Which of the following steps could resolve the issue?
Answer options
- A. Disabling the Source/Destination Check attribute on the NAT instance
- B. Attaching an Elastic IP address to the instance in the private subnet
- C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
- D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
Correct answer: A
Explanation
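By default, an EC2 instance must be the source or destination of any traffic it sends or receives. A NAT instance forwards traffic on behalf of the instances in the private subnet, so it is neither, and that traffic is dropped while the Source/Destination Check is enabled. Disabling the check on the NAT instance allows it to route traffic between the private and public subnets, which is essential for NAT functionality. The other options do not address the routing issue: attaching an Elastic IP to the private instance does not help because that instance is not meant for direct internet access, and attaching additional ENIs without proper configuration does not resolve the NAT routing requirements.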