Exam AWS Certified Solutions Architect - Professional topic 1 question 203 discussion

An EC2 instance that performs source/destination checks by default is launched in a private VPC subnet. All security, NACL, and routing definitions are configured as expected. A custom NAT instance is launched.
Which of the following must be done for the custom NAT instance to work?

  • A. The source/destination checks should be disabled on the NAT instance.
  • B. The NAT instance should be launched in public subnet.
  • C. The NAT instance should be configured with a public IP address.
  • D. The NAT instance should be configured with an elastic IP address.
Suggested Answer: A
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#EIP_DisableSrcDestCheck
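
The rule in the explanation above can be checked across an account. This is an added example, not part of the original page: it takes data shaped like the EC2 DescribeRouteTables and DescribeInstances responses and reports instances used as a route next hop with the check still enabled, plus instances with the check disabled that no route points at. The function name and all sample IDs are assumptions made for illustration.

```python
def audit_src_dst_check(route_tables, instances):
    """Return (broken_nat, unneeded_forwarders) as sorted lists of instance IDs."""
    # Instances that a route table names as next hop, i.e. that act as NAT/router.
    next_hops = {
        route["InstanceId"]
        for table in route_tables["RouteTables"]
        for route in table.get("Routes", [])
        if "InstanceId" in route
    }
    # SourceDestCheck per instance; EC2 enables it by default.
    check = {
        inst["InstanceId"]: inst.get("SourceDestCheck", True)
        for res in instances["Reservations"]
        for inst in res["Instances"]
    }
    # Next hop with the check on: forwarded packets are dropped, NAT cannot work.
    broken_nat = sorted(i for i in next_hops if check.get(i) is True)
    # Check off but no route uses the instance: forwarding allowed without need.
    unneeded = sorted(i for i, on in check.items() if not on and i not in next_hops)
    return broken_nat, unneeded


# Constructed sample data; every ID below is made up.
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-a"}]},
    {"RouteTableId": "rtb-private-b", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-b"}]},
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-nat-a", "SourceDestCheck": True},   # NAT, check left on
    {"InstanceId": "i-nat-b", "SourceDestCheck": False},  # NAT, set correctly
    {"InstanceId": "i-app-1", "SourceDestCheck": True},   # ordinary host
    {"InstanceId": "i-app-2", "SourceDestCheck": False},  # check off, no route
]}]}

if __name__ == "__main__":
    broken, unneeded = audit_src_dst_check(SAMPLE_ROUTE_TABLES, SAMPLE_INSTANCES)
    print("NAT next hops with source/dest check enabled:", broken)
    print("Check disabled but not a route target:", unneeded)
```

An instance in the first list is fixed with `aws ec2 modify-instance-attribute --instance-id <id> --no-source-dest-check`; one in the second list should have the check turned back on unless it forwards traffic for another reason.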

Comments

mnsait
4 months, 4 weeks ago
Selected Answer: A
A is correct (this step is not mandatory). All others are needed. Explanation: A: Correct. It is not necessary for NAT to always be in public subnet. We have architectures where NAT is private. The next hop is AWS network account within the organization where there is a NAT in the public subnet. There is communication between the NAT in private subnet in the project account and the NAT in the public subnet in the organization network account. Hence it is not a general rule that ALL NAT should be in public subnet.
upvoted 1 times
...
amministrazione
8 months, 2 weeks ago
A. The source/destination checks should be disabled on the NAT instance.
upvoted 1 times
...
johnnsmith
3 years, 2 months ago
A is correct. The ask is "must". A is a must. B is not a must. C or D alone is not a must.
upvoted 2 times
...
Pb55
3 years, 6 months ago
Agree, question should be NOT and then D is correct.
upvoted 2 times
robertomartinez
3 years, 6 months ago
Agree, the question sux with a weird mix of must and should. IMHO the whole question is wrong, but having an EIP on the NAT instance is not an issue (often a solution to whitelist the NAT IP in an external firewall).
upvoted 1 times
...
...
DashL
3 years, 6 months ago
A, B and either C or D (it should have an Elastic IP or a Public IP) are correct. This is a confusing question.
upvoted 1 times
...
kuroro
3 years, 6 months ago
A & B are both correct
upvoted 1 times
...
01037
3 years, 6 months ago
I guess the question is which is NOT; then the answer would be D.
upvoted 2 times
...
learner4ever
3 years, 6 months ago
A is correct... but B is also correct... right?
upvoted 2 times
newme
3 years, 6 months ago
Also think so.
upvoted 1 times
Mansur
3 years, 6 months ago
Same here. B also correct.
upvoted 1 times
...
...
...
doyb
3 years, 7 months ago
A is the right answer.
upvoted 4 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other