AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 119

A company hosts its SAP applications and database applications on Amazon EC2 instances in private subnets. The EC2 instances are distributed across two Availability Zones. In each Availability Zone, the company has created a public subnet for public applications.

An SAP solutions architect needs to use AWS services to download software patches from the internet to the EC2 instances that host the SAP applications and databases. The SAP solutions architect must design a highly available solution that protects the AWS services from a single point of failure.

Which solution will meet these requirements with the LEAST maintenance effort?

Answer options

• A. Provision one NAT instance in the public subnet of each Availability Zone. In the route table for each private subnet, add an entry that points to the NAT instance.
• B. Provision one NAT gateway in the public subnet of each Availability Zone. In the route table for each public subnet, add an entry that points to the NAT gateway.
• C. Provision one NAT gateway in the public subnet of each Availability Zone. In the route table for each private subnet, add an entry that points to the NAT gateway.
• D. Provision one NAT instance in the public subnet of a third Availability Zone. In the route table for each public subnet, add an entry that points to the NAT instance in the third Availability Zone.

Correct answer: C

Explanation

Option C is correct because using a NAT gateway in each Availability Zone ensures high availability and minimizes maintenance, as NAT gateways are managed services. Option A is incorrect because NAT instances require more management and can be a single point of failure. Option B is wrong because it incorrectly routes traffic from public subnets instead of private subnets. Option D is not ideal as it relies on a NAT instance in an additional Availability Zone, which may not ensure high availability for private subnet traffic.