Which statement accurately describes a private subnet?

A private subnet is defined by its inability to be accessed directly from the public internet. This characteristic is essential for scenarios where resources need to be safeguarded from external access while still allowing them to communicate with other instances within the same virtual private cloud (VPC) or with the public internet through specific configurations like a virtual private network (VPN) or a bastion host.

In a private subnet, instances do not receive public IP addresses, which further enhances their security by preventing unsolicited traffic from the internet. This design is typically used for resources such as databases and application servers that do not need to be exposed to the public and should only be accessed from within the private network or via controlled means.

The other statements describe characteristics of public subnets or misrepresent the configuration of a private subnet, making them less applicable in this context.