AWS Certified Advanced Networking – Specialty ANS-C00 – Question162 | AWS Certified Advanced Networking

Your company is working on a transition from IPv4 to IPv6 but is concerned about the security of having public IPv6 addresses attached to instances in a public network. They currently use a NAT to allow outbound traffic for instances. Outbound traffic is required for updates. What are two options to alleviate your company's concerns? (Choose two.)

A. Remove any rules allowing ::/0 inbound in the security group.
B. Block ::/0 inbound in the NACL.
C. Create an egress-only internet gateway.
D. Block 0.0.0.0/0 inbound in the NACL.

Correct Answer: AC

Explanation:

Explanation: 0.0.0.0/0 will only block IPv4, blocking ::/0 in the NACL will prevent return traffic and updates to the instances. An egress-only internet gateway or blocking ::/0 inbound in the security group will allow the instances to initiate outbound connections and receive the return traffic, while still preventing outside attackers from initiating connections to the instances.