AWS Certified SysOps Administrator – Associate (legacy) — Question 132

An Administrator has an Amazon EC2 instance with an IPv6 address. The Administrator needs to prevent direct access to this instance from the Internet.
The Administrator should place the EC2 instance in a:

Answer options

• A. Private Subnet with an egress-only Internet Gateway attached to the subnet and placed in the subnet Route Table.
• B. Public subnet with an egress-only Internet Gateway attached to the VPC and placed in the VPC Route Table.
• C. Private subnet with an egress-only Internet Gateway attached to the VPC and placed in the subnet Route Table.
• D. Public subnet and a security group that blocks inbound IPv6 traffic attached to the interface.

Correct answer: C

Explanation

The correct answer is C because placing the EC2 instance in a private subnet with an egress-only Internet Gateway allows it to initiate outbound traffic while preventing inbound traffic from the Internet. Options A and B do not provide the required isolation from direct Internet access, and option D may not effectively block all unwanted inbound traffic despite the security group configuration.