Exam AWS-SysOps topic 1 question 6 discussion

When attached to an Amazon VPC (Virtual Private Cloud), the two primary components that provide connectivity with external networks are: Internet Gateway (IGW): An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It serves as a target in your VPC route tables for Internet-routable traffic, providing a path for outbound and inbound traffic. Virtual Private Gateway (VGW): A Virtual Private Gateway is the Amazon VPC side of a VPN connection. It enables instances in your VPC to securely connect to your on-premises network over an IPsec VPN connection. This is essential for extending your on-premises data center into the cloud securely.

The question asked here attached to vpc , it is very simple NAT Gateway dont attached to VPC but created inside Public Subnet of VPC . Internet Gateway created and attached to VPC.

C. Internet Gateway (IGW): The Internet Gateway allows traffic to flow between your VPC and the internet. It provides a path for public internet connectivity to resources inside the VPC. This is essential for instances that need to communicate with external services on the internet. B. NAT Gateway (NAT): The Network Address Translation (NAT) Gateway allows private instances within the VPC to access the internet while preventing incoming internet traffic from directly reaching those instances. It provides a way for private subnets to communicate with the internet for tasks like software updates, downloading packages, etc., without exposing the instances' public IPs.

I think the correct answers are A and C.

A is incorrect; B provided egress for EC2 in private subnets; C is correct; D is for VPN connection over Internet

For sure. Since NAT gateway provides egress only access for instances in private subnets. And IGW provides egress/Ingress access to resources in public subnets.

should be CD.. offer connection to external, means, the external can access the instances in VPC from internet and on-premise. A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

I don't know which but I did another question in which external means an on-premise network. So I will go with C and D

I think external mean the "Internet", so i go with B & C

D is peering connection used to connect between two VPCs. The question asking external network so answer should be B & C

B & C are right answers. B - NAT gateway provides egress only access for instances in private subnets. C - IGW provides egress/Ingress access to resources in public subnets.

B and C Purpose of NAT GW is to provide Internet access for VPC private instances.

C & D are the right answers, C to access the external network through the internet from the vpc and D when making a VPN connection.

what is the correct answer ? We have VPG for VPC as well which helps to connect on-prem.

I think "external network" mean internet access. So my choice is B & C.