After launching an instance that you intend to serve as a NAT (Network Address
Translation) device in a public subnet you modify your route tables to have the NAT device
be the target of internet bound traffic of your private subnet. When you try and make an
outbound connection to the Internet from an instance in the private subnet, you are not
successful. Which of the following steps could resolve the issue?
A.
Attaching a second Elastic Network interface (ENI) to the NAT instance, and placing it in
the private subnet
B.
Attaching an Elastic IP address to the instance in the private subnet
C.
Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet,
and placing it in the public subnet
D.
Disabling the Source/Destination Check attribute on the NAT instance
I have the same idea. D
d
D.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
D
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.
You can disable the SrcDestCheck attribute for a NAT instance that’s either running or stopped using the console or the command line.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
D
D