SAA-C03 · Question #547
SAA-C03 Question #547: Real Exam Question with Answer & Explanation
The correct answer is A: Deploy one NAT gateway in each Availability Zone. Configure the route table for each private
Question
An ecommerce company hosts an application on AWS across multiple Availability Zones. The application experiences uniform load throughout most days. The company hosts some components of the application in private subnets. The components need to access the internet to install and update patches. A solutions architect needs to design a cost-effective solution that provides secure outbound internet connectivity for private subnets across multiple Availability Zones. The solution must maintain high availability. Which solution will meet this requirement?
Options
- A. Deploy one NAT gateway in each Availability Zone. Configure the route table for each private
- B. Place one NAT gateway in a designated Availability Zone within the VPC. Configure the route
- C. Deploy an Amazon EC2 instance in a public subnet. Configure the EC2 instance as a NAT
- D. Use one NAT Gateway in a Network Load Balancer (NLB) target group. Configure private
Explanation
AWS guidance for NAT Gateway recommends deploying "a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone." This provides "zone-independent architecture" and avoids cross-AZ data processing charges and single-AZ failures. Option B creates a single point of failure and incurs cross-AZ egress charges when private subnets in other AZs traverse a centralized NAT. NAT instances (C) are legacy, require manual scaling/failover/patching, and are not recommended for production HA. Option D is not supported (NLB cannot front a NAT Gateway as a target). With steady, uniform load, per-AZ NAT Gateways deliver high availability with predictable cost; routing each private subnet to its local NAT Gateway maintains security (no inbound initiated connections) and resilience. This meets the requirement for cost-effective, secure outbound connectivity across multiple AZs while preserving availability.
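The zone-affinity routing described above can be audited mechanically. The following is an added example, not part of the original page or any AWS tooling: it runs on constructed data shaped like EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses, and every ID as well as the function name `audit_nat_zone_affinity` is an assumption.

```python
# Constructed sample data (all IDs are made up); field names follow the
# EC2 DescribeSubnets / DescribeNatGateways / DescribeRouteTables responses.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-priv-a",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    # Misconfigured: AZ b's private subnet egresses through AZ a's NAT gateway.
    {"RouteTableId": "rtb-priv-b",
     "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
]

def audit_nat_zone_affinity(subnets, nat_gateways, route_tables):
    """Return (subnet, nat, reason) for each subnet whose default route uses a
    NAT gateway that is missing, not available, or in a different AZ."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    findings = []
    for rt in route_tables:
        nat_ids = [r["NatGatewayId"] for r in rt.get("Routes", [])
                   if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and "NatGatewayId" in r]
        for assoc in rt.get("Associations", []):
            subnet_id = assoc.get("SubnetId")
            if subnet_id is None:  # main-table association carries no SubnetId
                continue
            for nat_id in nat_ids:
                nat = nats.get(nat_id)
                if nat is None or nat["State"] != "available":
                    findings.append((subnet_id, nat_id, "nat-unavailable"))
                elif az_of[nat["SubnetId"]] != az_of[subnet_id]:
                    findings.append((subnet_id, nat_id, "cross-az"))
    return findings

if __name__ == "__main__":
    for finding in audit_nat_zone_affinity(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES):
        print(finding)
```

Only explicit subnet associations are checked; subnets that fall back to the VPC's main route table would need to be resolved separately.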