AWS Certified SysOps Administrator – Associate (legacy) — Question 121

While setting up an AWS managed VPN connection, a SysOPs Administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

Answer options

• A. The private IP address of the customer gateway device
• B. The MAC address of the NAT device in front of the customer gateway device
• C. The public IP address of the customer gateway device
• D. The public IP address of the NAT device in front of the customer gateway device

Correct answer: D

Explanation

The correct answer is D, as the public IP address of the NAT device is required for the customer gateway resource to communicate properly over the VPN. The private IP address (A) cannot be used because it is not routable on the internet, and the MAC address (B) is irrelevant in this context. The public IP address of the customer gateway device (C) is also incorrect because the NAT device must be used for external communications.