AWS Certified SysOps Administrator – Associate — Question 58

A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the administrator add to the route tables?

Answer options

• A. Route ::/0 traffic to a NAT gateway
• B. Route ::/0 traffic to an internet gateway
• C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
• D. Route ::/0 traffic to an egress-only internet gateway

Correct answer: D

Explanation

The correct answer is D because an egress-only internet gateway allows outbound traffic for IPv6 addresses while preventing incoming traffic, which is required in this scenario. Option A is incorrect as a NAT gateway is not suitable for IPv6 traffic. Option B is wrong because an internet gateway allows both inbound and outbound traffic, violating the requirement. Option C is incorrect since it refers to IPv4 traffic, not IPv6.