Which combination of steps will ensure that all network traffic that originates from the VPC will not use the public internet to communicate with the data cantor?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company has a VPC that contains a publicly accessible subnet and a privately accessible subnet.Both subnets send network traffic that is destined for the company’s data center through the public internet.The public subnet uses Route Table A, which has a default route for network traffic to travel through the internet gateway of the VPC.The private subnet uses Route Table B, which has a default route for network traffic to travel through a NAT gateway within the VPC.Recently, the company created an AWS Site-to-Site VPN connection to the VPC from one of is data centers.The tunnel s active and is working property between the customer gateway and the virtual private gateway.The CIDR blocks of the VPC and the data center do not overlap.According to a new security policy, all network traffic that originates from the VPC and travels to the data center must not travel across the public internet.A security engineer determines that resources in the public subnet and private subnet are still sending traffic across the public internet to the data center.

Which combination of steps will ensure that all network traffic that originates from the VPC will not use the public internet to communicate with the data cantor?

(Choose two.)

Adjust the route table for the public subnet to use the NAT gateway as its default route,

Adjust the route table for the public subnet to use the customer gateway for the data center’s CIDR block.

Adjust the route table for the public subnet to use the virtual private gateway for the data cantor’s CIDR block

Adjust the route table for the private subnet to use the customer gateway for the data center’s CIDR block.

Adjust the route table for the private subnet to use the virtual private gateway for the data centers CIDR block.

Explanations:

Adjusting the route table for the public subnet to use the NAT gateway would direct traffic destined for the internet through the NAT, but this does not prevent traffic from going over the public internet to the data center.

Routing traffic to the customer gateway from the public subnet would direct it to the data center over the VPN, but this is not needed as the private subnet already has the appropriate route.

Adjusting the route table for the public subnet to use the virtual private gateway ensures traffic destined for the data center’s CIDR block travels over the VPN tunnel, not the public internet.

Adjusting the route table for the private subnet to use the customer gateway would bypass the virtual private gateway, which could disrupt proper routing of traffic to the data center over the VPN.

Adjusting the route table for the private subnet to use the virtual private gateway ensures traffic to the data center is routed securely over the VPN and not the public internet.

2025-10-13

1 Comment

  1. Daniel
    Author

    I infer that the answer is:
    Adjust the route table for the public subnet to use the virtual private gateway for the data cantor’s CIDR block

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 2 =