What should be added to the private subnet's route table in order to address this issue, given the information provided?

What should be added to the private subnet’s route table in order to address this issue, given the information provided?

exams SOA-C02 V5 SOA-C02 exam 0 Comments

A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.

What should be added to the private subnet’s route table in order to address this issue, given the information provided?
A . 0.0.0.0/0 IGW
B . 0.0.0.0/0 NAT
C . 10.0.1.0/24 IGW
D . 10.0.1.0/24 NAT

Answer: B

Explanation:

Understand the Problem:

An instance in a private subnet needs internet access for downloading patches.

There is an existing NAT gateway in the public subnet.

Analyze the Requirements:

Provide internet access to the private subnet instance through the NAT gateway.

Ensure resources in the private subnet remain inaccessible from the public internet.

Evaluate the Options:

Option A: 0.0.0.0/0 IGW.

This would route traffic directly to the internet gateway, exposing the instance to the public internet.

Option B: 0.0.0.0/0 NAT.

This routes traffic destined for the internet through the NAT gateway, allowing outbound connections while keeping the instance protected from inbound internet traffic.

Option C: 10.0.1.0/24 IGW.

This does not provide the necessary route for internet access and incorrectly uses the internet gateway for local traffic.

Option D: 10.0.1.0/24 NAT.

This also incorrectly uses the NAT gateway for local traffic, which is unnecessary.

Select the Best Solution:

Option B: Adding a route for 0.0.0.0/0 with the target set to the NAT gateway ensures that the private subnet instance can access the internet while remaining protected from inbound internet traffic.

Reference: Amazon VPC NAT Gateways

Private Subnet Route Table

Configuring the private subnet route table to use the NAT gateway for 0.0.0.0/0 ensures secure and efficient internet access for instances in the private subnet.