NAT Gateway for private subnet internet in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
Architecture
intermediate
Identify the correct architecture for enabling internet access from a private subnet using a NAT Gateway

You have a VPC with public and private subnets. You want instances in the private subnet to access the internet securely. Which architecture correctly enables this?

A. Place a NAT Gateway in the public subnet and update the private subnet route table to direct 0.0.0.0/0 traffic to the NAT Gateway.
B. Place a NAT Gateway in the private subnet and update the public subnet route table to direct 0.0.0.0/0 traffic to the NAT Gateway.
C. Place a NAT Gateway in the public subnet and update the public subnet route table to direct 0.0.0.0/0 traffic to the NAT Gateway.
D. Place a NAT Gateway in the private subnet and update the private subnet route table to direct 0.0.0.0/0 traffic to the internet gateway.
💡 Hint

Remember, NAT Gateways must be in public subnets to route traffic for private subnets.

Configuration
intermediate
Determine the correct route table entry for private subnet internet access via NAT Gateway

You have a NAT Gateway in a public subnet. What is the correct route table entry for the private subnet to allow internet access through the NAT Gateway?

A. Destination: 0.0.0.0/0, Target: Internet Gateway ID
B. Destination: NAT Gateway ID, Target: 0.0.0.0/0
C. Destination: 0.0.0.0/0, Target: NAT Gateway ID
D. Destination: Private Subnet CIDR, Target: NAT Gateway ID
💡 Hint

Routes use destination CIDR blocks and targets like gateways or instances.

Security
advanced
Analyze security group rules for instances in private subnet using NAT Gateway

Instances in a private subnet use a NAT Gateway for internet access. Which security group rule is necessary to allow outbound internet traffic?

A. Allow outbound traffic on all ports to 0.0.0.0/0
B. Allow inbound traffic on port 80 from 0.0.0.0/0
C. Allow inbound traffic on all ports from the NAT Gateway's security group
D. Allow outbound traffic only to the NAT Gateway's private IP
💡 Hint

Think about what outbound traffic the instance needs to send to reach the internet.

Service Behavior
advanced
Predict the behavior when NAT Gateway is deleted while private subnet instances are running

You delete the NAT Gateway used by private subnet instances for internet access. What happens to the instances' internet connectivity?

A. Instances continue to access the internet using the internet gateway directly.
B. Instances automatically switch to a backup NAT Gateway without interruption.
C. Instances can still access the internet but with increased latency.
D. Instances lose internet access immediately because their route to the internet is broken.
💡 Hint

Consider how routing depends on the NAT Gateway's presence.

Best Practice
expert
Choose the best high availability design for NAT Gateway in multi-AZ VPC

You want to design a VPC with private subnets in multiple Availability Zones (AZs) and ensure high availability for internet access via NAT Gateway. What is the best practice?

A. Use an internet gateway directly for private subnets to avoid NAT Gateway complexity.
B. Create a NAT Gateway in each AZ's public subnet and route private subnets in each AZ to their local NAT Gateway.
C. Create one NAT Gateway in the private subnet and share it across AZs.
D. Create one NAT Gateway in a single public subnet and route all private subnets to it.
💡 Hint

Think about fault tolerance and AZ isolation.