AWS Certified Solutions Architect – Associate (SAA-C02) — Question 135
A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.
Which solution should be implemented to ensure that there are no disruptions to internet connectivity?
Answer options
- A. Deploy a NAT instance in a private subnet of each Availability Zone.
- B. Deploy a NAT gateway in a public subnet of each Availability Zone.
- C. Deploy a transit gateway in a private subnet of each Availability Zone.
- D. Deploy an internet gateway in a public subnet of each Availability Zone.
Correct answer: B
Explanation
The correct answer is B. A NAT gateway in a public subnet of each Availability Zone gives the instances in the private subnets outbound internet access, and because each Availability Zone has its own gateway, connectivity does not depend on any single zone. Option A is incorrect because NAT instances do not provide the same level of availability and performance as NAT gateways. Options C and D do not meet the requirement: a transit gateway is designed for connecting multiple VPCs, and an internet gateway provides direct internet access for public subnets, not private ones.