Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test

Answer – C

The following diagram from AWS Documentation shows the right setup for this scenario:

We always need to keep Nat gateway on public Subnet only, because it needs to communicate internet.

Aws says that “To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. After you’ve created a NAT gateway, you must update the route table associated with one or more of your private subnets to point Internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the internet.”

• For more information on this setup, please refer to the below URL:
  • https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

NOTE:

Here the requirement is that  “There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet.”

1) There should be no access to the database from the Internet.
To achieve this step, we have to launch the database inside the private subnet.

2)But the cluster must be able to obtain software patches from the Internet.
For this, we have to create NAT Gateway inside the Public Subnet. Because the subnet with internet gateway attached is known as Public Subnet. Through the NAT Gateway, a database inside the Private subnet can access the internet. Option D is saying that “User private subnet for NAT gateway”.

So Option C having these discussed Points and it’s a perfect answer.