A company has a VPC with an IPv6 address range and a public subnet with an IPv6 address block. The VPC currently hosts some public Amazon EC2 instances, but a security engineer needs to migrate a second application into the VPC that also requires IPv6 connectivity. This new application will occasionally make API requests to an external, internet-accessible endpoint to receive updates. However, the security team does not want the application's EC2 instance exposed directly to the internet. The security engineer intends to create a private subnet with a custom route table and to associate the route table with the private subnet. What else does the security engineer need to do to ensure the application will not be exposed directly to the internet, but can still communicate as required?
A) Launch a NAT instance in the public subnet. Update the custom route table with a new route to the NAT instance.
B) Remove the internet gateway, and add AWS PrivateLink to the VPC. Then update the custom route table with a new route to AWS PrivateLink.
C) Add a managed NAT gateway to the VPC. Update the custom route table with a new route to the gateway.
D) Add an egress-only internet gateway to the VPC. Update the custom route table with a new route to the gateway.
Correct Answer:
Verified
Q187: A company is designing the security architecture
Q188: A company is implementing a new application
Q189: A company's security engineer has been asked
Q190: A security engineer has noticed that VPC
Q191: A company uses multiple AWS accounts managed
Q193: A recent security audit identified that a
Q194: A security engineer is designing an incident
Q195: A company wants to deploy an application
Q196: A security engineer is responsible for providing
Q197: A company wants to encrypt data locally
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents