Answer-first summary for fast verification
Answer: Deploy NAT gateways in public subnets and configure private route tables.
The correct answer is A. To provide internet access to instances in private subnets, the best practice is to use NAT gateways. By deploying NAT gateways in each public subnet across the three Availability Zones (AZs) and configuring the route tables of the private subnets to forward non-VPC traffic to the NAT gateways in their respective AZs, you ensure high availability and fault tolerance. NAT instances (option B) are less recommended due to maintenance and scalability challenges. Option C, adding a second internet gateway, is not feasible since a VPC can only have one internet gateway. Option D, an egress-only internet gateway, is used for IPv6 traffic and does not serve the purpose of providing internet access for private subnets using IPv4.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a VPC with public and private subnets across three AZs, how can a solutions architect enable internet access for private subnets?
A
Deploy NAT gateways in public subnets and configure private route tables.
B
Use NAT instances in private subnets and adjust route tables accordingly.
C
Add a second internet gateway to private subnets and update route tables.
D
Implement an egress-only internet gateway on public subnets and modify route tables.
No comments yet.