Question
In order to protect your company's sensitive workloads, you were tasked to block access to the application servers from the public internet. You decide to deploy the servers in a private subnet. While you successfully blocked the servers from public access, your applications can no longer fetch critical patches and updates from the Internet.
Which Amazon Virtual Private Cloud (VPC) component can help you solve this problem?
- NAT Gateway
- Internet Gateway
- Route table
- Network Access Control List (ACL)
Solution
The Amazon Virtual Private Cloud (VPC) component that can help you solve this problem is the NAT Gateway.
Here's why:
- NAT Gateway: A Network Address Translation (NAT) gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. This is exactly what you need in this scenario. You want your application servers to be able to initiate communication with the internet (to fetch critical patches and updates), but you don't want the internet to be able to initiate communication with your servers.
- Internet Gateway: This is not the correct answer because an internet gateway is a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It does not provide the one-way access that you need.
- Route Table: This is not the correct answer because a route table contains a set of rules, called routes, that are used to determine where network traffic is directed. While you could potentially use a route table to direct traffic from your application servers to the internet, it would not provide the one-way access that you need.
- Network Access Control List (ACL): This is not the correct answer because a network ACL is a feature of VPC that provides a rule-based tool for controlling inbound and outbound traffic at the subnet level. While you could potentially use a network ACL to control traffic to and from your application servers, it would not provide the one-way access that you need.
Similar Questions
Which of the following are the recommended resources to be deployed in the Amazon VPC private subnet?
a) NAT Gateways
b) Database Servers
c) Internet Gateways
d) Bastion Hosts
Which of the following AWS services can be used to connect a company's on-premises environment to a VPC without using the public internet?
Which AWS services or features have the capability to manage VPC traffic? (Choose TWO.)
- Amazon Connect
- Security groups
- Network ACLs
- AWS Direct Connect
- Amazon GuardDuty
Which AWS service would you use to create a logically isolated section of the AWS Cloud where you can launch AWS resources in your virtual network?
a. Subnet
b. Virtual Private Network (VPN)
c. Virtual Private Cloud (VPC)
d. Network Access Control List (Network ACL)
What is the purpose of a Virtual Private Cloud (VPC) in cloud security?
- Isolating resources within a private network in the cloud
- Exposing resources directly to the public internet
- Eliminating the need for firewalls
- Reducing data redundancy