
Answer-first summary for fast verification
Answer: Create an egress-only Internet gateway in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to the egress-only internet gateway.
The question revolves around enabling IPv6 connectivity for a workload in a private subnet without allowing IPv6 traffic from the public internet, ensuring that the company's servers initiate all IPv6 connectivity. Options A and B suggest using a NAT gateway or NAT instance with an internet gateway, which is not suitable for IPv6 traffic as NAT is primarily used for IPv4. Option D suggests creating an egress-only internet gateway and configuring a security group to deny all inbound traffic, which aligns with the requirement of not permitting IPv6 traffic from the public internet. However, the key requirement is to ensure that the company's servers initiate all IPv6 connectivity, which is best achieved by using an egress-only internet gateway without additional restrictions that might prevent the servers from initiating connections. Therefore, the most appropriate solution is to create an egress-only internet gateway and add a route to the existing subnet route tables to point IPv6 traffic to the egress-only internet gateway, as described in option C. This setup allows outbound IPv6 traffic initiated by the servers in the private subnet while blocking inbound IPv6 traffic from the internet.
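One way to verify the routing described above is to audit the route tables of the private subnets. This is an added example, not part of the original page: it assumes JSON in the shape returned by `aws ec2 describe-route-tables`, and every ID in the sample is constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All resource IDs below are made up for illustration.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-a",
   "Associations": [{"SubnetId": "subnet-private-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
     {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private-b",
   "Associations": [{"SubnetId": "subnet-private-b", "Main": false}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private-c",
   "Associations": [{"SubnetId": "subnet-private-c", "Main": false}],
   "Routes": [
     {"DestinationIpv6CidrBlock": "2001:db8::/56", "GatewayId": "local", "State": "active"}]}
]}
""")

def ipv6_default_target(table):
    """Return the target ID of the active ::/0 route, or None if there is none."""
    for route in table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") == "::/0" and route.get("State") == "active":
            for key in ("EgressOnlyInternetGatewayId", "GatewayId", "NatGatewayId"):
                if route.get(key):
                    return route[key]
    return None

def audit_private_subnets(doc, private_subnets):
    """Map each explicitly associated private subnet to a verdict on its IPv6 default route."""
    findings = {}
    for table in doc["RouteTables"]:
        target = ipv6_default_target(table)
        if target is None:
            verdict = "no-ipv6-egress"        # servers cannot reach the IPv6 API
        elif target.startswith("eigw-"):
            verdict = "ok"                    # outbound-initiated IPv6 only
        elif target.startswith("igw-"):
            verdict = "bidirectional-igw"     # internet gateway also routes inbound IPv6
        else:
            verdict = "unexpected-target"
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") in private_subnets:
                findings[assoc["SubnetId"]] = verdict
    return findings

if __name__ == "__main__":
    print(audit_private_subnets(SAMPLE, {"subnet-private-a", "subnet-private-b", "subnet-private-c"}))
```

Subnets with no explicit association inherit the VPC's main route table, which this check does not resolve; include that table when auditing such subnets.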
Author: LeetQuiz Editorial Team
A banking company operates its public mobile banking stack on AWS within a VPC containing private and public subnets, using IPv4 networking without IPv6 support. The company must integrate a third-party API that requires IPv6 connectivity. The network engineer enables IPv6 in the VPC and private subnets but must ensure that IPv6 traffic from the public internet is blocked and that only the company's servers can initiate IPv6 connections.
Which solution meets these requirements?
A
Create an internet gateway and a NAT gateway in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT gateway.
B
Create an internet gateway and a NAT instance in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT instance.
C
Create an egress-only Internet gateway in the VPC. Add a route to the existing subnet route tables to point IPv6 traffic to the egress-only internet gateway.
D
Create an egress-only internet gateway in the VPC. Configure a security group that denies all inbound traffic. Associate the security group with the egress-only internet gateway.