AWS Certified SysOps Administrator – Associate (legacy) — Question 17
A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?
Answer options
- A. Route ::/0 traffic to a NAT gateway
- B. Route ::/0 traffic to an internet gateway
- C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
- D. Route ::/0 traffic to an egress-only internet gateway
Correct answer: D
Explanation
The correct answer is D because an egress-only internet gateway is specifically designed for IPv6 traffic: it allows outbound traffic while preventing inbound connections. Option C is incorrect because 0.0.0.0/0 is an IPv4 destination, and option A is incorrect because a NAT gateway does not appropriately allow for the necessary IPv6 egress traffic. Option B is also incorrect because it uses an internet gateway, which does not satisfy the egress-only requirement for IPv6.