AWS Certified SysOps Administrator – Associate (legacy) — Question 200

A company has multiple web applications running on Amazon EC2 instances in private subnets. The EC2 instances require connectivity to the internet for patching purposes, but cannot be publicly accessible.
Which step will meet these requirements?

Answer options

• A. Add an internet gateway and update the route tables.
• B. Add a NAT gateway to the VPC and update the route tables.
• C. Add an interface endpoint and update the route tables.
• D. Add a virtual gateway to the VPC and update the route tables.

Correct answer: B

Explanation

The correct answer is B, as a NAT gateway allows instances in a private subnet to access the internet for updates while keeping them secure from public access. Option A is incorrect because an internet gateway would make the instances publicly accessible. Option C, while related to VPC connectivity, does not provide internet access. Option D is not applicable for providing internet connectivity for private instances.