After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public
subnet, you modify your route tables to have the NAT device be the target of internet-bound traffic of your
private subnet. When you try and make an outbound connection to the internet from an instance in the
private subnet, you are not successful. Which of the following steps could resolve the issue?
A. Disabling the Source/Destination Check attribute on the NAT instance
B. Attaching an Elastic IP address to the instance in the private subnet
C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet
Explanation:
http://docs.aws.amazon.com/workspaces/latest/adminguide/gsg_create_vpc.html
A.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck
A
A
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
Option A
A
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
You can disable the SrcDestCheck attribute for a NAT instance that’s either running or stopped using the console or the command line.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
A, disable Src/Dest Checks
This question is asked in a confusing way. It says, “you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet”
In my experience with instance-based network devices, the device doesn’t show up as something available to route your traffic to until you have disabled the src/dest checking. Therefore, the question seems to be telling you that you already disabled src/dest checking. Otherwise you would not have been able to add the route.
Once you disable src/dest checking, your route tables have options to direct traffic to either the ENI or the instance ID (if it is unambiguous). I used a Cisco CSR instead of a NAT gateway, but the principle should be the same.
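The misconfiguration in the question can be checked for directly. This is an added example, not part of the original question or comments: it flags active routes whose target is an instance or ENI that still has source/destination checking enabled. The input dictionaries follow the shape of boto3 `describe_route_tables()` and `describe_instances()` responses; the IDs and sample data are constructed.

```python
# Added example: find route targets (instance or ENI) that still enforce
# source/destination checks and therefore drop forwarded traffic.
# Inputs mirror boto3 EC2 describe_route_tables() / describe_instances() output.

def forwarding_targets_with_check(route_tables, reservations):
    """Return (route_table_id, destination_cidr, instance_id) for each active
    route that points at an instance/ENI with SourceDestCheck still enabled."""
    eni_owner, eni_check, inst_check = {}, {}, {}
    for res in reservations["Reservations"]:
        for inst in res["Instances"]:
            inst_check[inst["InstanceId"]] = inst.get("SourceDestCheck", True)
            for eni in inst.get("NetworkInterfaces", []):
                eni_owner[eni["NetworkInterfaceId"]] = inst["InstanceId"]
                eni_check[eni["NetworkInterfaceId"]] = eni.get("SourceDestCheck", True)
    findings = []
    for rt in route_tables["RouteTables"]:
        for route in rt["Routes"]:
            if route.get("State") != "active":
                continue  # blackhole routes carry no traffic
            eni_id, inst_id = route.get("NetworkInterfaceId"), route.get("InstanceId")
            if eni_id in eni_check:      # the ENI-level attribute is authoritative
                enforced, owner = eni_check[eni_id], eni_owner[eni_id]
            elif inst_id in inst_check:  # route recorded by instance ID only
                enforced, owner = inst_check[inst_id], inst_id
            else:
                continue  # local, internet gateway, peering, or unknown target
            if enforced:
                findings.append((rt["RouteTableId"], route.get("DestinationCidrBlock"), owner))
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-example-nat-1", "SourceDestCheck": True, "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-example-1", "SourceDestCheck": True}]},
    {"InstanceId": "i-example-nat-2", "SourceDestCheck": False, "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-example-2", "SourceDestCheck": False}]}]}]}
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-example-nat-1",
         "NetworkInterfaceId": "eni-example-1", "State": "active"}]},
    {"RouteTableId": "rtb-private-b", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-example-2",
         "State": "active"}]}]}

if __name__ == "__main__":
    for rtb, dest, inst in forwarding_targets_with_check(SAMPLE_ROUTE_TABLES, SAMPLE_INSTANCES):
        print(f"{rtb}: {dest} -> {inst} still has SourceDestCheck enabled")
```

For each finding, the fix is the one in answer A, for example `aws ec2 modify-instance-attribute --instance-id <instance-id> --no-source-dest-check`.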