Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

An operations team is building a new VPC that uses only IPv6 addressing. All application tasks run in private subnets and must make outbound HTTPS requests to public internet APIs. No inbound internet traffic should ever reach the workloads. Which approach provides the required connectivity at the lowest cost while meeting the security goal?

  • Create a managed NAT gateway in a public subnet and add a ::/0 route from the private subnets to the NAT gateway.

  • Peer the VPC to a centralized transit gateway that has DNS64 enabled and routes internet-bound traffic through a shared egress VPC.

  • Attach an egress-only internet gateway to the VPC and add a ::/0 route in each private subnet's route table that points to this gateway.

  • Associate a standard internet gateway with the VPC and rely on network ACL rules to block all inbound traffic.

AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot