
Answer-first summary for fast verification
Answer: Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a NAT gateway in a public subnet. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add a default route to the NAT gateway. Add routes for the data center subnets to the virtual private gateway. Deploy the application to the private subnets.
The correct configuration must ensure that the EC2 instances are not accessible from the internet, that all traffic to the internet routes through the on-premises firewall, and that the servers can access a third-party web application. Option A meets these requirements by creating a VPC with both public and private subnets. The private subnets are used for deploying the application, ensuring that it is not directly accessible from the internet. A NAT gateway in a public subnet allows instances in the private subnets to initiate outbound traffic to the internet or to other AWS services, but prevents the internet from initiating a connection with those instances. The AWS Site-to-Site VPN connection, together with the customer gateway and virtual private gateway, provides secure communication between the on-premises data center and the AWS VPC. The route tables are configured to route traffic to the internet through the NAT gateway for the private subnets and to the on-premises data center through the virtual private gateway. This setup ensures that all traffic to the internet is routed through the on-premises firewall, as required.
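The following is an added example, not part of the LeetQuiz page or its answer key. It models the two route tables that option A describes and resolves the next hop for packets leaving an instance in each subnet using VPC longest-prefix-match semantics, then checks whether an internet-originated connection has a path to the instance. The VPC CIDR (10.0.0.0/16), the data center CIDR (192.168.0.0/16), the sample destination addresses and the target names `local`, `igw`, `nat` and `vgw` are all constructed placeholders.

```python
"""Walk the route tables that option A describes (added example, not from the page).

Resolves the next hop for packets leaving an instance in the public or the
private subnet, using VPC longest-prefix-match semantics, and checks whether
an internet-originated connection has a path to the instance. Every CIDR and
target name here is a constructed placeholder.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed addressing: VPC 10.0.0.0/16, on-premises data center 192.168.0.0/16.
VPC_CIDR = "10.0.0.0/16"
DATA_CENTER_CIDRS = ["192.168.0.0/16"]

Route = Tuple[str, str]  # (destination CIDR, target)

# Public subnets: implicit local route plus a default route to the internet gateway.
PUBLIC_RT: List[Route] = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "igw"),
]

# Private subnets: implicit local route, default route to the NAT gateway,
# and the data center prefixes pointed at the virtual private gateway.
PRIVATE_RT: List[Route] = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "nat"),
] + [(cidr, "vgw") for cidr in DATA_CENTER_CIDRS]


def resolve(route_table: List[Route], dst_ip: str) -> str:
    """Return the target of the most specific route covering dst_ip.

    VPC route tables use longest-prefix match, so the /16 data center route
    wins over 0.0.0.0/0 for on-premises destinations. "blackhole" is returned
    only when no route covers the address, which cannot happen while a
    default route exists.
    """
    dst = ipaddress.ip_address(dst_ip)
    best_net = None
    best_target = "blackhole"
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def internet_reachable(route_table: List[Route], has_public_ip: bool) -> bool:
    """True only if an internet-originated connection can reach the instance.

    Two things are needed: a public or Elastic IP on the instance, and a route
    to an internet gateway in the subnet's table for the return path. A NAT
    gateway route does not count; it only carries flows the instance started.
    """
    has_igw_route = any(target == "igw" for _, target in route_table)
    return has_public_ip and has_igw_route


def next_hops(route_table: List[Route], destinations: Dict[str, str]) -> Dict[str, str]:
    """Resolve a set of labelled destinations against one route table."""
    return {label: resolve(route_table, ip) for label, ip in destinations.items()}


# Constructed sample destinations: another VPC host, a data center server,
# and a third-party web application on a public address.
SAMPLE_DESTINATIONS = {
    "vpc_peer": "10.0.5.9",
    "data_center_server": "192.168.10.5",
    "third_party_web_app": "203.0.113.7",
}

if __name__ == "__main__":
    print("private subnet:", next_hops(PRIVATE_RT, SAMPLE_DESTINATIONS))
    print("public subnet: ", next_hops(PUBLIC_RT, SAMPLE_DESTINATIONS))
    print("internet can reach private instance:", internet_reachable(PRIVATE_RT, False))
```

Running the script shows the private-subnet instance sending data center traffic to the virtual private gateway and third-party web traffic to the NAT gateway, while `internet_reachable` is false for it because the private route table has no internet gateway route and the instance has no public IP. The same check applied to a public-subnet instance with a public IP returns true, which is the property that keeps the application out of the public subnets.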
Author: LeetQuiz Editorial Team
A company requires temporary scaling of capacity for an on-premises application by deploying new servers on Amazon EC2 instances. A network engineer must design a networking solution to ensure connectivity and application functionality on AWS.
The EC2 instances must exchange data with existing servers in the on-premises data center. The servers should not be accessible from the internet, and all internet-bound traffic must route through the on-premises data center's firewall. Additionally, the servers need access to a third-party web application.
Which configuration fulfills these requirements?
A
Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a NAT gateway in a public subnet. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add a default route to the NAT gateway. Add routes for the data center subnets to the virtual private gateway. Deploy the application to the private subnets.
B
Create a VPC that has private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the private subnets with the route table. Add a default route to the virtual private gateway. Deploy the application to the private subnets.
C
Create a VPC that has public subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the public subnets.
D
Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the private subnets.