SAA-C03 Question #185: Real Exam Question with Answer & Explanation

The correct answer is C: Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a. Why Option C is Correct: NAT Gateway: Allows private subnets to access the internet for outbound requests while preventing inbound connections. High Availability: Deploying NAT gateways in both AZs ensures fault tolerance. Shared Route Table: Simplifies routing configuration for

Submitted by lukas.cz · Mar 4, 2026 · Design Resilient Architectures

Question

A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests. The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones. The entire architecture must be highly available. How should the solutions architect change the architecture to meet these requirements?

Options

  • A. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one
  • B. Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a
  • C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a
  • D. Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and

Explanation

Why Option C is Correct:

  • NAT Gateway: Allows private subnets to access the internet for outbound requests while preventing inbound connections.
  • High Availability: Deploying NAT gateways in both AZs ensures fault tolerance.
  • Shared Route Table: Simplifies routing configuration for private subnets.

Why Other Options Are Not Ideal:

  • Option A: Creating separate route tables for each subnet adds unnecessary complexity.
  • Option B: Internet gateways allow inbound access, violating the requirement to block public IPv4 access.
  • Option D: Egress-only internet gateways are designed for IPv6, not IPv4.
