AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 57

A company recently migrated its Amazon EC2 instances to VPC private subnets to satisfy a security compliance requirement. The EC2 instances now use a NAT gateway for internet access. After the migration, some long-running database queries from private EC2 instances to a publicly accessible third-party database no longer receive responses. The database query logs reveal that the queries successfully completed after 7 minutes but that the client EC2 instances never received the response.
Which configuration change should a network engineer implement to resolve this issue?

Answer options

• A. Configure the NAT gateway timeout to allow connections for up to 600 seconds.
• B. Enable enhanced networking on the client EC2 instances.
• C. Enable TCP keepalive on the client EC2 instances with a value of less than 300 seconds.
• D. Close idle TCP connections through the NAT gateway.

Correct answer: C

Explanation

The correct answer is C because enabling TCP keepalive ensures that the connection remains active and can receive the response from the database after the long query execution. The other options do not directly address the issue of maintaining a connection over a long period, as increasing the NAT timeout or enabling enhanced networking does not guarantee that the connection remains alive during the wait time for a response.