Topic 1 Question 126

AWS Certified Advanced Networking - Specialty

Topic 1 Question 126
A company needs to temporarily scale out capacity for an on-premises application and wants to deploy new servers on Amazon EC2 instances. A network engineer must design the networking solution for the connectivity and for the application on AWS.

The EC2 instances need to share data with the existing servers in the on-premises data center. The servers must not be accessible from the internet. All traffic to the internet must route through the firewall in the on-premises data center. The servers must be able to access a third-party web application.

Which configuration will meet these requirements?
- Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a NAT gateway in a public subnet. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add a default route to the NAT gateway. Add routes for the data center subnets to the virtual private gateway. Deploy the application to the private subnets.
- Create a VPC that has private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the private subnets with the route table. Add a default route to the virtual private gateway. Deploy the application to the private subnets.
- Create a VPC that has public subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the public subnets.
- Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the private subnets.
ユーザの投票
コメント(10)
- 正解だと思う選択肢: B
  note this requirement :
  The servers must not be accessible from the internet. All traffic to the internet must route through the firewall in the on-premises data center.
  
  So why do we use NAT GW here, if the requirement said ' All traffic to the internet must route through the firewall in the on-premises data center'
  
  👍 7
  ryluis2023/06/09
- 正解だと思う選択肢: B
  i agree with B
  
  👍 4
  papercuts232023/06/12
- Answer should be B. You don't need to a private subnet as you should only be able to get to the instances from on prem, also you don't need a public subnet with a nat gateway as internet traffic goes through on prem firewall. They should fix "the show answer" to be correct at least 50% of the time. You would be lost going by there answers as they are terrible.
  
  👍 4
  devilman2222023/06/15
シャッフルモード

ユーザの投票

コメント(10)