AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A CloudOps engineer creates a new VPC with two subnets intended to be public. Each subnet contains an EC2 web server that has an Elastic IP address, and the security group allows inbound HTTP and SSH from 0.0.0.0/0. However, the instances cannot be reached from the internet. Which single change will restore connectivity while requiring the least modification to the existing environment?
Allocate and attach an egress-only internet gateway to the VPC.
Attach an internet gateway to the VPC and add a 0.0.0.0/0 route to it in the route table used by the subnets.
Associate the subnets with the main route table, which automatically provides internet access.
Launch a NAT gateway in each subnet and update the route tables to point 0.0.0.0/0 to the NAT gateways.
Instances in a public subnet need two things for IPv4 internet access: an internet gateway (IGW) attached to the VPC and a route in the subnet's route table that sends 0.0.0.0/0 traffic to that IGW. Without both steps, traffic from the Elastic IP never reaches the instance. Adding a NAT gateway would only provide outbound connectivity and still block inbound traffic. Associating the subnets with the main route table does not help unless that table already has an IGW route. An egress-only internet gateway supports only IPv6 outbound flows, so it cannot solve the problem. Therefore, attaching an internet gateway and adding the appropriate default route is the minimal and correct fix.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Internet Gateway in AWS?
Open an interactive chat with Bash
What is a NAT Gateway and how does it differ from an Internet Gateway?
Open an interactive chat with Bash
What is the purpose of a route table in AWS VPCs?
Open an interactive chat with Bash
What is an Internet Gateway (IGW) in AWS?
Open an interactive chat with Bash
Why does the route table need a 0.0.0.0/0 route to the Internet Gateway?
Open an interactive chat with Bash
What is the role of Elastic IPs in enabling public internet access for EC2 instances?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .