AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company runs workloads in two private subnets (Subnet-A in us-east-1a and Subnet-B in us-east-1b). The instances must reach public payment APIs, but no inbound internet traffic is allowed. A single NAT gateway placed in a public subnet in us-east-1a is used for egress. During a recent Availability Zone failure in us-east-1a, instances in Subnet-B lost internet connectivity. As the CloudOps engineer, you must improve resiliency while keeping network egress costs as low as possible. Which solution meets these requirements?
Replace the NAT gateway with a highly-available NAT instance solution using an Auto Scaling group that spans both AZs.
Attach an internet gateway to the VPC and assign public IPv4 addresses to all instances in both private subnets.
Deploy a second NAT gateway in a public subnet in us-east-1b and update Subnet-B's route table to use this new NAT gateway while keeping Subnet-A routed to the existing gateway.
Move the existing NAT gateway to a public subnet in a third AZ and point the route tables of both private subnets to this gateway.
NAT gateways are deployed per Availability Zone. If the AZ containing a NAT gateway becomes unavailable, private subnets that route through that gateway lose internet access. AWS best practice is to create one NAT gateway in each AZ and configure each private subnet's route table to use the NAT gateway in the same AZ. This avoids cross-AZ data transfer charges and removes the single point of failure observed during the outage.
Creating a single NAT gateway in a different AZ still introduces a single point of failure and forces cross-AZ traffic, which adds cost. Replacing the NAT gateway with NAT instances requires more management and does not provide the same availability guarantees. Assigning public IP addresses and routing directly to an internet gateway violates the requirement that no inbound internet traffic be permitted.
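The same-AZ routing rule can be checked mechanically. The following is an added example, not part of the original question: it audits constructed data shaped like the EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses, and all subnet, route table and gateway IDs are made up.

```python
# Constructed sample data shaped like EC2 DescribeSubnets / DescribeNatGateways /
# DescribeRouteTables responses. All IDs are made up for this example.
SUBNETS = [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
]
NAT_A = {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"}
NAT_B = {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"}


def route_table(rtb_id, subnet_id, nat_id):
    """Build one constructed route table with a default route via nat_id."""
    return {"RouteTableId": rtb_id,
            "Associations": [{"SubnetId": subnet_id}],
            "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id}]}


# Layout from the question: both private subnets egress through the 1a gateway.
BEFORE = [route_table("rtb-a", "subnet-priv-a", "nat-a"),
          route_table("rtb-b", "subnet-priv-b", "nat-a")]
# Layout from the correct answer: Subnet-B uses a gateway in its own AZ.
AFTER = [route_table("rtb-a", "subnet-priv-a", "nat-a"),
         route_table("rtb-b", "subnet-priv-b", "nat-b")]


def audit_nat_egress(subnets, nat_gateways, route_tables):
    """Return (subnet, nat, reason) for default routes that leave the subnet's AZ."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: subnet_az.get(n["SubnetId"])
              for n in nat_gateways if n.get("State") == "available"}
    findings = []
    for rt in route_tables:
        nat_ids = [r["NatGatewayId"] for r in rt.get("Routes", [])
                   if r.get("DestinationCidrBlock") == "0.0.0.0/0" and "NatGatewayId" in r]
        for assoc in rt.get("Associations", []):
            subnet_id = assoc.get("SubnetId")
            if subnet_id is None:  # main-table association; implicit subnets not covered
                continue
            for nat_id in nat_ids:
                if nat_id not in nat_az:
                    findings.append((subnet_id, nat_id, "nat-not-available"))
                elif nat_az[nat_id] != subnet_az.get(subnet_id):
                    findings.append((subnet_id, nat_id, "cross-az"))
    return findings


if __name__ == "__main__":
    print(audit_nat_egress(SUBNETS, [NAT_A], BEFORE))
    print(audit_nat_egress(SUBNETS, [NAT_A, NAT_B], AFTER))
```

A `cross-az` finding marks a subnet that both pays cross-AZ transfer and loses egress if the gateway's AZ fails.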
AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery