ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 107 - ANS-C00 discussion

Report
Export

Your application server instances reside in the private subnet of your VPC. These instances need to access a Git repository on the Internet. You create a NAT gateway in the public subnet of your VPC. The NAT gateway can reach the Git repository, but instances in the private subnet cannot. You confirm that a default route in the private subnet route table points to the NAT gateway. The security group for your application server instances permits all traffic to the NAT gateway.

What configuration change should you make to ensure that these instances can reach the patch server?

A.
Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
Answers
A.
Assign public IP addresses to the instances and route 0.0.0.0/0 to the Internet gateway.
B.
Configure an outbound rule on the application server instance security group for the Git repository.
Answers
B.
Configure an outbound rule on the application server instance security group for the Git repository.
C.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
Answers
C.
Configure inbound network access control lists (network ACLs) to allow traffic from the Git repository to the public subnet.
D.
Configure an inbound rule on the application server instance security group for the Git repository.
Answers
D.
Configure an inbound rule on the application server instance security group for the Git repository.
Suggested answer: B

Explanation:

Explanation:

The traffic leaves the instance destined for the Git repository; at this point, the security group must allow it through. The route then directs that traffic (based on the IP) to the NAT gateway. A is wrong because it removes the private aspect of the subnet and would have no effect on the blocked traffic anyway. C is wrong because the problem is that outgoing traffic is not getting to the NAT gateway. D is wrong because to allow outgoing traffic to the Git repository requires an outgoing security group rule.

asked 16/09/2024
Innos Phoku
41 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first