ANS-C01 · Question #24
ANS-C01 Question #24: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #24. The question stem and answer options stay visible for context.
Question
A company has deployed Amazon EC2 instances in private subnets in a VPC. The EC2 instances must initiate any requests that leave the VPC, including requests to the company's on- premises data center over an AWS Direct Connect connection. No resources outside the VPC can be allowed to open communications directly to the EC2 instances. The on-premises data center's customer gateway is configured with a stateful firewall device that filters for incoming and outgoing requests to and from multiple VPCs. In addition, the company wants to use a single IP match rule to allow all the communications from the EC2 instances to its data center from a single IP address. Which solution will meet these requirements with the LEAST amount of operational overhead?
Options
- ACreate a VPN connection over the Direct Connect connection by using the on-premises firewall.
- BConfigure the on-premises firewall to filter all requests from the on-premises network to the EC2
- CDeploy a NAT gateway into a private subnet in the VPC where the EC2 instances are deployed.
- DDeploy a NAT instance into a private subnet in the VPC where the EC2 instances are deployed.
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.