Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 470 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 470
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However the company’s security policy states that any external service cannot initiate a connection to the EC2 instances.

What should a solutions architect recommend to resolve this issue?

  • A. Create a NAT gateway and make it the destination of the subnet's route table
  • B. Create an internet gateway and make it the destination of the subnet's route table
  • C. Create a virtual private gateway and make it the destination of the subnet's route table
  • D. Create an egress-only internet gateway and make it the destination of the subnet's route table
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by radev at May 15, 2023, 8:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
wRhlH
Highly Voted 1 year, 4 months ago
For exam, egress-only internet gateway: IPv6 NAT gateway: IPv4
upvoted 50 times
MatAlves
2 months, 1 week ago
Good stuff. "An egress-only internet gateway is for use with IPv6 traffic only. To enable outbound-only internet communication over IPv4, use a NAT gateway instead." https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
upvoted 1 times
...
b82faaf
11 months, 2 weeks ago
This is very helpful, thanks.
upvoted 3 times
...
RDM10
1 year, 2 months ago
thanks a lot
upvoted 3 times
...
...
cloudenthusiast
Highly Voted 1 year, 6 months ago
Selected Answer: D
An egress-only internet gateway (EIGW) is specifically designed for IPv6-only VPCs and provides outbound IPv6 internet access while blocking inbound IPv6 traffic. It satisfies the requirement of preventing external services from initiating connections to the EC2 instances while allowing the instances to initiate outbound communications.
upvoted 8 times
cloudenthusiast
1 year, 6 months ago
Since the company's security policy explicitly states that external services cannot initiate connections to the EC2 instances, using a NAT gateway (option A) would not be suitable. A NAT gateway allows outbound connections from private subnets to the internet, but it does not restrict inbound connections from external sources.
upvoted 5 times
pentium75
10 months, 3 weeks ago
"A NAT gateway ... does not restrict inbound connections from external sources." Actually it does, but only for IPv4.
upvoted 1 times
...
...
[Removed]
1 year, 5 months ago
Enable outbound IPv6 traffic using an egress-only internet gateway https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
upvoted 2 times
...
...
MatAlves
Most Recent 2 months, 1 week ago
Selected Answer: D
"An egress-only internet gateway is for use with IPv6 traffic only. To enable outbound-only internet communication over IPv4, use a NAT gateway instead." https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
upvoted 1 times
...
Guru4Cloud
1 year, 3 months ago
Selected Answer: D
D. Create an egress-only internet gateway and make it the destination of the subnet's route table
upvoted 1 times
...
TariqKipkemei
1 year, 5 months ago
Selected Answer: D
Outbound traffic only = Create an egress-only internet gateway and make it the destination of the subnet's route table
upvoted 1 times
...
radev
1 year, 6 months ago
Selected Answer: D
Egress-Only internet Gateway
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel