Question 6 - AWS SOA-C03 Real Exam Questions [March 2026 Update]

Q: 6

A CloudOps engineer has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow outbound traffic. Which solution will provide the EC2 instances in the private subnet with access to the internet?

Options

Correct Answer:

Explanation

To enable internet access for EC2 instances in a private subnet, a Network Address Translation (NAT) gateway is required. The NAT gateway must be placed in a public subnet, which is defined as a subnet with a route to an Internet Gateway (IGW). This placement allows the NAT gateway to communicate with the internet. Subsequently, the route table associated with the private subnet must be updated. A new route should be added that directs all internet-bound traffic (destination 0.0.0.0/0) to the NAT gateway. This configuration allows instances in the private subnet to initiate outbound connections to the internet while preventing inbound connections initiated from the internet.

Why Incorrect

B. Routing the public subnet to the NAT gateway is incorrect. The public subnet's route table should point to the Internet Gateway for direct internet access.

C. A NAT gateway placed in a private subnet cannot access the internet itself, and therefore cannot provide internet connectivity to other resources.

D. A NAT gateway must be deployed in a public subnet to function. Placing it in a private subnet renders it unable to reach the Internet Gateway.

References

1. AWS Documentation: VPC User Guide - NAT gateways. This guide explicitly states the required configuration: "To enable instances in a private subnet to connect to the internet

you can create a NAT gateway in a public subnet... Then

you update the route table for the private subnet to route internet traffic to the NAT gateway." (See section: NAT gateways -> NAT gateway basics).

2. AWS Documentation: VPC User Guide - Example: VPC with servers in private subnets and NAT. This document provides a reference architecture. The diagram and accompanying text show the NAT gateway residing in the public subnet and the private subnet's route table with a 0.0.0.0/0 target pointing to the NAT gateway. (See section: VPC examples).

3. AWS Documentation: VPC User Guide - Route tables for your VPC. This document details routing configurations. It clarifies that a subnet is considered "private" if its associated route table does not have a route to an internet gateway. To provide outbound internet access

it describes routing through a NAT device. (See section: VPCs and subnets -> Routing for a VPC -> Route table basics).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE