AWS Certified SysOps Administrator – Associate (legacy) — Question 333

A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The
NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

Answer options

• A. Destination: 0.0.0.0/0 and Target: i-a12345
• B. Destination: 20.0.0.0/0 and Target: 80
• C. Destination: 20.0.0.0/0 and Target: i-a12345
• D. Destination: 20.0.0.0/24 and Target: i-a12345

Correct answer: A

Explanation

To enable instances in a private subnet to access the internet, a route must direct all out-of-VPC traffic (represented by 0.0.0.0/0) to the NAT instance. Option A correctly specifies 0.0.0.0/0 as the destination and the NAT instance ID i-a12345 as the target. The other options are incorrect because they either use incorrect destination CIDRs or specify an invalid target like port 80.