Amazon Web Services SAA-C03 Exam With Confidence Using Practice Dumps

EC2 instances in private subnets cannot access the internet unless there is a NAT gateway or a NAT instance configured.

“To enable instances in a private subnet to connect to the internet or other AWS services, you can use a NAT gateway or NAT instance.”

— NAT Gateways – Amazon VPC

In this use case:

EC2 instances are in private subnets

They need to call external APIs (internet access)

The most operationally efficient and secure method is to place a NAT Gateway in a public subnet and update the route table for private subnets to route internet-bound traffic through it.

Incorrect Options:

A: Private subnets don’t support public IPs.

C: VPC peering doesn’t help reach the public internet.

D: Interface endpoints are for private connectivity to AWS services, not external APIs.

Option A: Importing customer-managed keys into AWS KMS ensures that encryption key material remains under the company’s control.

Option D: S3 Glacier with server-side encryption using customer-provided keys (SSE-C) complies with the need for controlled encryption and provides cost-effective storage for backups.

AWS Key Management Service Importing Keys Documentation,S3 Encryption Documentation

The key requirements are shared file access, NFS protocol compatibility, and no application changes. Amazon Elastic File System (EFS) is a fully managed, scalable file system that natively supports the NFS protocol, making it an ideal drop-in replacement for on-premises shared file systems used by Linux applications.

Option C allows the existing web servers to mount the EFS file system using standard NFS mount commands, preserving application behavior and avoiding code changes. EFS is designed to be accessed concurrently by multiple EC2 instances across Availability Zones, providing high availability and elasticity without manual capacity management. This aligns well with typical web server architectures that rely on shared content or assets.

Option A and B use Amazon S3, which is an object storage service and does not support NFS semantics. Migrating to S3 would require application changes to use object-based APIs instead of file system operations. Option D uses Amazon FSx for Windows File Server, which supports SMB, not NFS, and is intended for Windows-based workloads.

Therefore, C is the correct solution because Amazon EFS provides NFS compatibility, shared access, high availability, and minimal operational overhead while requiring no changes to the existing Linux-based web server applications.