Q48 — AWS ANS-C01 Ch.1
A company has set up a NAT gateway in a single Availability Zone (AZ1) in a VPC (VPC1) to access the internet from Amazon EC2 workloads in the VPC. The EC2 workloads are running in private subnets in three Availability Zones (AZ1, AZ2, AZ3). The route table for each subnet is configured to use the NAT gateway to access the internet. Recently, during an outage, internet access stopped working for the EC2 workloads because of the NAT gateway's unavailability. A network engineer must implement a solution to remove the single point of failure from the architecture and provide built-in redundancy. Which solution will meet these requirements?
- A. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table for private subnets to route traffic to the virtual IP addresses of the two NAT gateways.
- B. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table to point the AZ2 private subnets to the NAT gateway in AZ2. Configure the same route table to point the AZ3 private subnets to the NAT gateway in AZ3.
- C. Create a second VPC (VPC2). Set up two NAT gateways. Place each NAT gateway in a different VPC (VPC1 and VPC2) and in the same Availability Zone (AZ2). Configure a route table in VPC1 to point the AZ2 private subnets to one NAT gateway. Configure a route table in VPC2 to point the AZ2 private subnets to the second NAT gateway.
- D. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table to point the AZ2 private subnets to the NAT gateway in AZ2. Configure a second route table to point the AZ3 private subnets to the NAT gateway in AZ3. ✓
Correct Answer: D. Set up two NAT gateways. Place each NAT gateway in a different public subnet in separate Availability Zones (AZ2 and AZ3). Configure a route table to point the AZ2 private subnets to the NAT gateway in AZ2. Configure a second route table to point the AZ3 private subnets to the NAT gateway in AZ3.
Explanation
A NAT gateway design on AWS must provide high availability, and a NAT gateway deployed in a single Availability Zone is a single point of failure. AWS documentation recommends that the private subnets in each Availability Zone use the NAT gateway in that same Availability Zone, with a separately configured route table per zone. Option D deploys one NAT gateway in AZ2 and one in AZ3, and each private subnet's route table points to the NAT gateway in its own Availability Zone. In the original architecture, a failure of the NAT gateway in AZ1 affects every subnet; with option D, traffic from the AZ2 and AZ3 subnets leaves through the NAT gateway in its own zone, so there is no cross-zone dependency. Options A and B do not follow the principle of matching route tables to Availability Zones (a route table cannot send traffic to two NAT gateways through virtual IP addresses, and a single route table cannot hold two different default routes), and option C adds a second VPC and therefore unnecessary complexity. Option D follows AWS best practice for multi-AZ redundant architecture.
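The per-zone principle in the explanation can be audited rather than assumed. The following check is an added example, not part of the original question or of any AWS tool: it flags every subnet whose default route leaves through a NAT gateway in a different Availability Zone, taking dictionaries shaped like the EC2 DescribeSubnets, DescribeRouteTables and DescribeNatGateways responses (so boto3 output can be passed in unchanged); the two datasets below are constructed to mirror the original architecture and option D.

```python
def nat_route_findings(subnets, route_tables, nat_gateways):
    """Return (subnet_id, subnet_az, nat_id, nat_az) for every subnet whose
    0.0.0.0/0 route goes through a NAT gateway in another Availability Zone,
    i.e. a cross-zone dependency that one NAT gateway outage would break."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: subnet_az[n["SubnetId"]] for n in nat_gateways}
    findings = []
    for rt in route_tables:
        nat_id = next((r["NatGatewayId"] for r in rt["Routes"]
                       if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                       and "NatGatewayId" in r), None)
        if nat_id is None:
            continue  # default route via an IGW, or no default route at all
        for assoc in rt["Associations"]:
            sid = assoc.get("SubnetId")  # the main-table association has none
            if sid and subnet_az[sid] != nat_az[nat_id]:
                findings.append((sid, subnet_az[sid], nat_id, nat_az[nat_id]))
    return findings

def subnet(sid, az):
    return {"SubnetId": sid, "AvailabilityZone": az}

def route_table(rt_id, nat_id, subnet_ids):
    return {"RouteTableId": rt_id,
            "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id}],
            "Associations": [{"SubnetId": s} for s in subnet_ids]}

# Constructed sample: the original design, one NAT gateway in AZ1 shared by
# private subnets in all three Availability Zones through one route table.
BEFORE = dict(
    subnets=[subnet("subnet-pub1", "us-east-1a"), subnet("subnet-priv1", "us-east-1a"),
             subnet("subnet-priv2", "us-east-1b"), subnet("subnet-priv3", "us-east-1c")],
    nat_gateways=[{"NatGatewayId": "nat-az1", "SubnetId": "subnet-pub1"}],
    route_tables=[route_table("rtb-private", "nat-az1",
                              ["subnet-priv1", "subnet-priv2", "subnet-priv3"])],
)

# Constructed sample: option D, a NAT gateway in AZ2 and AZ3 with a separate
# route table for each zone's private subnets.
AFTER = dict(
    subnets=[subnet("subnet-pub2", "us-east-1b"), subnet("subnet-priv2", "us-east-1b"),
             subnet("subnet-pub3", "us-east-1c"), subnet("subnet-priv3", "us-east-1c")],
    nat_gateways=[{"NatGatewayId": "nat-az2", "SubnetId": "subnet-pub2"},
                  {"NatGatewayId": "nat-az3", "SubnetId": "subnet-pub3"}],
    route_tables=[route_table("rtb-az2", "nat-az2", ["subnet-priv2"]),
                  route_table("rtb-az3", "nat-az3", ["subnet-priv3"])],
)

if __name__ == "__main__":
    for name, vpc in (("before", BEFORE), ("after", AFTER)):
        print(name, nat_route_findings(**vpc))
```

Running it lists the AZ2 and AZ3 subnets as cross-zone dependents of nat-az1 in the original design and nothing for the option D layout.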