AWS Certified SysOps Administrator – Associate — Question 71
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic.
Which solution will provide the EC2 instances in the private subnet with access to the internet?
Answer options
- A. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
- B. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.
- C. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
- D. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.
Correct answer: A
Explanation
The correct answer is A because a NAT gateway in the public subnet, together with a route from the private subnet to that gateway, allows instances in the private subnet to send their internet-bound traffic through it. Options B, C, and D are incorrect because they either create the route from the public subnet instead of the private subnet (B and C) or place the NAT gateway in the private subnet (C and D).