
Answer-first summary for fast verification
Answer: In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
To meet the requirements, traffic from Example Corp's VPC to AnyCompany's on-premises application must leave from the approved contiguous block of addresses (10.1.0.0/24). NAT gateways provide this by translating the source addresses of traffic originating in the VPC into that range. Because the application is deployed across two Availability Zones for high availability, the solution must be highly available as well: create a subnet in each Availability Zone that uses part of the allowed range and deploy a NAT gateway in each of those subnets, so that if one Availability Zone fails, the other still routes traffic. The NAT gateways must be private so that traffic never traverses the internet, which matches the requirement that the VPC has no internet gateway (a public NAT gateway would require one). Update the route tables associated with the other subnets in the VPC to send application traffic to the NAT gateway in the same Availability Zone, and add a route to the route table associated with the NAT gateway subnets that sends traffic destined for the application to the transit gateway, which connects to AnyCompany's on-premises infrastructure over Direct Connect. This is the design described in option B.
Author: LeetQuiz Editorial Team
What is the next step the network engineer should take to ensure highly available access from Example Corp's VPC (with CIDR 10.0.0.0/16 and an additional CIDR of 10.1.0.0/24) to AnyCompany's on-premises application, using AWS Direct Connect and AWS Transit Gateway, while restricting access to the approved IP range of 10.1.0.0/24?
A
In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit gateway.
B
In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
C
In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the private NAT gateway to send traffic destined for the application to the transit gateway.
D
In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the public NAT gateway to send traffic destined for the application to the transit gateway.
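The following audit script is an added example, not part of the LeetQuiz page: it checks a VPC's route tables against the design in option B (app subnet, same-AZ private NAT gateway inside 10.1.0.0/24, transit gateway) and flags the shortcuts taken by options A, C and D. The input records use the key names of the EC2 describe-subnets, describe-nat-gateways and describe-route-tables responses; the on-premises CIDR, AZ names and every resource ID are constructed placeholders.

```python
import ipaddress

ALLOWED = ipaddress.ip_network("10.1.0.0/24")  # the only range AnyCompany accepts
ONPREM = "192.168.0.0/16"  # assumed on-premises CIDR; the page does not give one

# Constructed sample shaped like `aws ec2 describe-subnets`, `describe-nat-gateways`
# and `describe-route-tables` output; every ID is a placeholder, not a real resource.
SUBNETS = [
    {"SubnetId": "subnet-app-a", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-app-b", "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-nat-a", "CidrBlock": "10.1.0.0/25", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-nat-b", "CidrBlock": "10.1.0.128/25", "AvailabilityZone": "us-east-1b"},
]
NAT_GWS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-nat-a", "ConnectivityType": "private"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-nat-b", "ConnectivityType": "private"},
]

def rt(subnet, **route):  # one route table: a single on-prem route plus one subnet association
    return {"Associations": [{"SubnetId": subnet}], "Routes": [{"DestinationCidrBlock": ONPREM, **route}]}

ROUTE_TABLES = [rt("subnet-app-a", NatGatewayId="nat-a"), rt("subnet-app-b", NatGatewayId="nat-b"),
                rt("subnet-nat-a", TransitGatewayId="tgw-1"), rt("subnet-nat-b", TransitGatewayId="tgw-1")]

def audit(subnets, nat_gws, route_tables):
    """Return findings that break the design: app subnet -> same-AZ private NAT in ALLOWED -> TGW."""
    findings = []
    sub = {s["SubnetId"]: s for s in subnets}
    nat = {n["NatGatewayId"]: n for n in nat_gws}
    nat_subnets = {n["SubnetId"] for n in nat_gws}
    for table in route_tables:
        route = next((r for r in table["Routes"] if r.get("DestinationCidrBlock") == ONPREM), {})
        for assoc in table["Associations"]:
            sid = assoc["SubnetId"]
            if sid in nat_subnets:  # NAT subnet: inside the approved range, hands traffic to the TGW
                if not ipaddress.ip_network(sub[sid]["CidrBlock"]).subnet_of(ALLOWED):
                    findings.append(f"{sid}: CIDR {sub[sid]['CidrBlock']} is outside {ALLOWED}")
                if "TransitGatewayId" not in route:
                    findings.append(f"{sid}: on-prem route must target the transit gateway")
                continue
            gw = nat.get(route.get("NatGatewayId"))  # app subnet: private NAT in its own AZ
            if gw is None:
                findings.append(f"{sid}: on-prem route does not target a NAT gateway")
            elif gw["ConnectivityType"] != "private":
                findings.append(f"{sid}: {gw['NatGatewayId']} is public; a public NAT needs an IGW")
            elif sub[gw["SubnetId"]]["AvailabilityZone"] != sub[sid]["AvailabilityZone"]:
                findings.append(f"{sid}: {gw['NatGatewayId']} sits in another AZ; not highly available")
    return findings

if __name__ == "__main__":
    print(audit(SUBNETS, NAT_GWS, ROUTE_TABLES) or "design matches option B")
```

Feeding it the real describe-* JSON of a VPC turns the exam reasoning into a repeatable check that the approved source range and per-AZ redundancy are actually enforced.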