Back to Amazon VPC

Network Address Translation (NAT) Gateway

5 minutes 5 Questions

A Network Address Translation (NAT) Gateway is a highly available, managed service that operates within a single Amazon VPC. It allows EC2 instances within a private subnet to access the internet, while preventing direct inbound access from the internet. NAT Gateway supports IPv4 traffic only and u…

Test mode:
Start practice test
AWS Certified Solutions Architect - Network Address Translation (NAT) Gateway Example Questions

Test your knowledge of Network Address Translation (NAT) Gateway

Question 1

A company is deploying applications in two separate subnets: a public and a private subnet. The company wants its instances in the private subnet to access the internet but prevent unsolicited inbound traffic. Which of the following should be used for this purpose?

Correct Answer: NAT Gateway

A NAT Gateway enables instances in a private subnet to access the internet without allowing unsolicited inbound traffic. Amazon RDS for PostgreSQL is a managed database service, Elastic Load Balancer is for load balancing, VPC Endpoint enables secure access to AWS services, VPN Gateway is for connecting remote networks, and VPC Peering is for secure connectivity between VPCs.

Question 2

An organization is building a multi-tier architecture on AWS. The team has concerns about the private subnet's instances' ability to access the internet for software updates. Which of the following solutions will provide the best results?

Correct Answer: NAT Gateway

NAT Gateway allows instances in a private subnet to access the internet but prevents unsolicited inbound connections. VPC Peering and Direct Connect are used for connectivity between VPCs or on-premises infrastructure, while Bastion Host provides secure SSH access. NAT Instance can also be used but has performance limitations compared to the NAT Gateway. VPN Gateway is used for connections to remote networks.

Question 3

An organization has launched an application with backend databases in a private subnet. The database instances need to download patches from the internet. Which solution ensures that instances can connect to the internet without exposing them to unsolicited traffic?

Correct Answer: Deploy a NAT Gateway

A NAT Gateway allows instances in a private subnet to initiate connections to the internet but prevents unsolicited inbound traffic. VPC Peering, public subnet, Application Load Balancer, AWS Direct Connect, and VPC Endpoints are not the right options to securely access the internet with restricted incoming traffic.

More Network Address Translation (NAT) Gateway questions
15 questions (total)
Start 15 question test