This question bank is shared by the 云计算狂魔 WeChat official account.
[SAA-C03 Solutions Architect Associate Certification]
A company has an Amazon EC2 instance running in a private subnet that needs to access public websites to download patches and updates. The company does not want external websites to see the EC2 instance's IP address or initiate connections to it. How can a solutions architect achieve this objective?
A : Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed.
B : Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.
C : Create a network ACL for the private subnet where the EC2 instance is deployed that only allows access from the IP address range of the public website.
D : Create a security group that only allows connections from the IP address range of the public website. Attach the security group to the EC2 instance.
Correct answer: B
Explanation:
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
A NAT gateway is like a proxy server and connects EC2 instances in a private subnet to the internet.