
Answer-first summary for fast verification
Answer: Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table for private subnets to route traffic to the virtual IP addresses of the two NAT gateways.
To remove the single point of failure and provide built-in redundancy for internet access from EC2 workloads in private subnets across multiple Availability Zones, the solution must not depend on a single NAT gateway. This can be achieved by setting up multiple NAT gateways in different Availability Zones and configuring the route tables accordingly.
Option A suggests setting up two NAT gateways in separate Availability Zones (AZ2 and AZ3) and configuring a route table for private subnets to route traffic to the virtual IP addresses of the two NAT gateways. This approach provides redundancy by allowing traffic to be routed to either NAT gateway, so internet access remains available even if one NAT gateway becomes unavailable.
Options B, C, and D do not provide the same level of redundancy and failover capability as Option A. Options B and D suggest configuring route tables to point private subnets in specific Availability Zones to specific NAT gateways, which does not provide the same level of redundancy. Option C suggests creating a second VPC and setting up NAT gateways in the same Availability Zone, which does not address the issue of Availability Zone failure. Therefore, the correct solution is Option A.
Author: LeetQuiz Editorial Team
A company has deployed a NAT gateway in a single Availability Zone (AZ1) within a VPC (VPC1) to enable internet access for Amazon EC2 workloads located in private subnets across three Availability Zones (AZ1, AZ2, AZ3). Each subnet's route table is configured to route internet-bound traffic through the NAT gateway.
During a recent outage, internet access for the EC2 workloads failed due to the unavailability of the NAT gateway. A network engineer needs to implement a solution that eliminates this single point of failure and ensures built-in redundancy in the architecture.
Which solution will fulfill these requirements?
A. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table for private subnets to route traffic to the virtual IP addresses of the two NAT gateways.
B. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table to point the AZ2 private subnets to the NAT gateway in AZ2. Configure the same route table to point the AZ3 private subnets to the NAT gateway in AZ3.
C. Create a second VPC (VPC2). Set up two NAT gateways. Place each NAT gateway in a different VPC (VPC1 and VPC2) and in the same Availability Zone (AZ2). Configure a route table in VPC1 to point the AZ2 private subnets to one NAT gateway. Configure a route table in VPC2 to point the AZ2 private subnets to the second NAT gateway.
D. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table to point the AZ2 private subnets to the NAT gateway in AZ2. Configure a second route table to point the AZ3 private subnets to the NAT gateway in AZ3.