
Answer-first summary for fast verification
Answer: In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
The question concerns a highly available design for Example Corp to reach an on-premises application of AnyCompany through a limited contiguous block of approved IP addresses (10.1.0.0/24). Traffic from Example Corp's VPC to AnyCompany's on-premises application must be routed through the AWS Transit Gateway and must source from the approved IP address range. Because high availability is required, the solution must span multiple Availability Zones (AZs).

Option A suggests creating a public NAT gateway in each AZ within the new CIDR range. This is incorrect: public NAT gateways let instances in a private subnet reach the internet; they are not used to route traffic to on-premises networks through a transit gateway.

Option B correctly suggests creating a private NAT gateway in each AZ within the new CIDR range. Private NAT gateways route traffic between VPCs and on-premises networks, which matches the requirement. The route tables associated with the other subnets are updated to send application traffic to the private NAT gateway in the corresponding AZ, and a route is added to the route table associated with the private NAT gateways' subnets to send traffic destined for the application to the transit gateway. This setup provides high availability and keeps all traffic to AnyCompany within the approved IP address range.

Options C and D are incorrect because each creates a single subnet and a single NAT gateway, which does not meet the high availability requirement.
Author: LeetQuiz Editorial Team
What is the next step the network engineer should take to ensure highly available connectivity between Example Corp's VPC (with the newly added CIDR range 10.1.0.0/24) and AnyCompany's on-premises application, while adhering to compliance requirements that restrict access to the approved IP block (10.1.0.0/24)?
A. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit gateway.
B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.
C. In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the private NAT gateway to send traffic destined for the application to the transit gateway.
D. In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the public NAT gateway to send traffic destined for the application to the transit gateway.