Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
You have instances hosted in a private subnet in a VPC. The instances need to download updates from the Internet. As an architect, which change would you suggest to the IT Operations team that is also the most efficient and secure?
A. Create a new public subnet and move the instance to that subnet.
B. Create a new EC2 Instance to download the updates separately and then push them to the required instance.
C. Use a NAT Gateway to allow the instances in the private subnet to download the updates.
D. Create a VPC link to the Internet to allow the instances in the private subnet to download the updates.
Explanation:
Answer – C
A NAT Gateway is the ideal option for giving instances in the private subnet the ability to download updates from the Internet.
- For more information on the NAT Gateway, refer to https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html
- Option A is not suitable because there may be a security reason for keeping these instances in the private subnet (for example, database instances).
- Option B is also incorrect. The instances in the private subnet may be running various applications and database instances. Hence, it is neither advisable nor practical for a separate EC2 instance to download the updates and then push them to the required instance.
- Option D is incorrect because a VPC link is not used to connect to the Internet.