AWS Certified Solutions Architect – Professional — Question 857
A company has a standard three-tier architecture using two Availability Zones. During the company's off season, users report that the website is not working. The Solutions Architect finds that no changes have been made to the environment recently, the website is reachable, and it is possible to log in. However, when the Solutions Architect selects the `find a store near you` function, the maps provided on the site by a third-party RESTful API call do not work about 50% of the time after refreshing the page. The outbound API calls are made through Amazon EC2 NAT instances.
What is the MOST likely reason for this failure and how can it be mitigated in the future?
Answer options
- A. The network ACL for one subnet is blocking outbound web traffic. Open the network ACL and prevent administration from making future changes through IAM.
- B. The fault is in the third-party environment. Contact the third party that provides the maps and request a fix that will provide better uptime.
- C. One NAT instance has become overloaded. Replace both EC2 NAT instances with a larger-sized instance and make sure to account for growth when making the new instance size.
- D. One of the NAT instances failed. Recommend replacing the EC2 NAT instances with a NAT gateway.
Correct answer: D
Explanation
The intermittent 50% failure rate during page reloads indicates that one of the two NAT instances (each residing in a different Availability Zone) has failed, causing half of the outbound API requests to drop. Replacing self-managed EC2 NAT instances with AWS managed NAT gateways provides a highly available, redundant, and fully managed solution that automatically scales and prevents single points of failure. Other options, such as blaming the third-party provider or assuming resource exhaustion during an off-season period, do not align with the 50% failure symptom or AWS architectural best practices.