Which component is attached to a VPC to allow a web server placed in a public subnet to communicate bidirectionally with the internet?

1 / 1
Select an answer
CorrectC

Explanation

Question Overview

A question about choosing the component that connects a VPC to the internet.

Requirements to satisfy
  • 1communicate bidirectionally with the internetA connection that can both receive and send = IGW
  • 2public subnetA subnet exposed to the internet
  • 3attached to a VPCA gateway attached to the VPC = IGW
Per-option explanation
AIncorrect

NAT gateway

A NAT gateway is for instances in a private subnet to make outbound communication, and it does not handle bidirectional inbound traffic from the internet.

It is not the component that enables bidirectional communication for a public subnet, so it is incorrect.

BIncorrect

Security group

A security group is a firewall that controls allowed traffic for an instance.

It is not the component that connects a VPC to the internet, so it is incorrect.

CCorrect

Internet gateway (IGW)

Correct. An internet gateway (IGW) is a component that is attached to a VPC and enables bidirectional communication between the VPC and the internet. By configuring a route to the IGW in the route table of the public subnet, web servers and similar resources can communicate with the internet.

DIncorrect

Virtual private gateway (VGW)

A virtual private gateway is the VPC-side gateway used to connect an on-premises site to a VPC over VPN or Direct Connect.

The peer is a corporate network, and it is not the component that enables bidirectional communication with the general internet, so it is incorrect.

Key Takeaway

'Bidirectional communication with the internet' and 'public subnet' point to an internet gateway (IGW). Distinguish it from a NAT gateway, which is outbound-only for private subnets.

Related Links