
Explanation:
The correct configuration must ensure that the EC2 instances are not accessible from the internet, all traffic to the internet routes through the on-premises firewall, and the servers can access a third-party web application. Option A meets these requirements by creating a VPC with both public and private subnets. The private subnets are used for deploying the application, ensuring it's not directly accessible from the internet. A NAT gateway in a public subnet allows instances in the private subnet to initiate outbound traffic to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. The AWS Site-to-Site VPN connection, along with the customer gateway and virtual private gateway, ensures secure communication between the on-premises data center and the AWS VPC. The route tables are correctly configured to route traffic to the internet through the NAT gateway for private subnets and to the on-premises data center through the virtual private gateway. This setup ensures that all traffic to the internet is routed through the on-premises firewall, as required.
A company requires temporary scaling of capacity for an on-premises application by deploying new servers on Amazon EC2 instances. A network engineer must design a networking solution to ensure connectivity and application functionality on AWS.
The EC2 instances must exchange data with existing servers in the on-premises data center. The servers should not be accessible from the internet, and all internet-bound traffic must route through the on-premises data center's firewall. Additionally, the servers need access to a third-party web application.
Which configuration fulfills these requirements?
A
Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a NAT gateway in a public subnet. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add a default route to the NAT gateway. Add routes for the data center subnets to the virtual private gateway. Deploy the application to the private subnets.
B
Create a VPC that has private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the private subnets with the route table. Add a default route to the virtual private gateway. Deploy the application to the private subnets.
C
Create a VPC that has public subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the public subnets.
D
Create a VPC that has public subnets and private subnets. Create a customer gateway, a virtual private gateway, and an AWS Site-to-Site VPN connection. Create a route table, and associate the public subnets with the route table. Add a default route to the internet gateway. Create a route table, and associate the private subnets with the route table. Add routes for the on-premises data center subnets to the virtual private gateway. Deploy the application to the private subnets.