AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 103
All IP addresses within a 10.0.0.0/16 VPC are fully utilized by application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed so that the application servers use a single NAT gateway for Internet access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
What is the reason for this failure?
Answer options
- A. The NAT gateway does not support UDP traffic.
- B. The authentication server is not accepting traffic.
- C. The NAT gateway cannot allocate more ports.
- D. The NAT gateway is launched in a private subnet.
Correct answer: C
Explanation
The correct answer is C. A NAT gateway translates the traffic of every server behind it to a single public IP address and distinguishes flows by source port, so it has a finite pool of ports it can allocate for connections to any one destination IP and port. With an entire /16 of servers all probing the same authentication server, that pool runs out, and the servers whose flows cannot be allocated a port are unable to reach the authentication server. Option A is incorrect because NAT gateways do support UDP traffic. Option B is wrong because the problem lies with the NAT gateway, not with the authentication server. Option D does not apply, since a NAT gateway must be in a public subnet to route traffic to the Internet.