AWS Certified Solutions Architect – Professional — Question 995
A solutions architect has created a single VPC on AWS. The VPC has one internet gateway and one NAT gateway. The VPC extends across three Availability Zones. Each Availability Zone includes one public subnet and one private subnet. The three private subnets contain Amazon EC2 instances that must be able to connect to the internet.
Which solution will increase the network resiliency of this architecture?
Answer options
- A. Add two NAT gateways so that each Availability Zone has a NAT gateway. Configure a route table for each private subnet to send traffic to the NAT gateway in the subnet's Availability Zone.
- B. Add two NAT gateways so that each Availability Zone has a NAT gateway. Configure a route table for each public subnet to send traffic to the NAT gateway in the subnet's Availability Zone.
- C. Add two internet gateways so that each Availability Zone has an internet gateway. Configure a route table for each private subnet to send traffic to the internet gateway in the subnet's Availability Zone.
- D. Add two internet gateways so that each Availability Zone has an internet gateway. Configure a route table for each public subnet to send traffic to the internet gateway in the subnet's Availability Zone.
Correct answer: A
Explanation
To make the architecture highly resilient, each Availability Zone should have its own NAT gateway so that a failure in one zone does not disrupt internet connectivity for instances in other zones. Route tables for the private subnets must point to the NAT gateway within the same Availability Zone. Adding multiple internet gateways to a single VPC is not supported, and public subnets do not route their outbound traffic through NAT gateways.
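The explanation's point (a private subnet whose default route leaves its own Availability Zone inherits that zone's failure) is easy to check mechanically. The following audit is an added example, not part of the exam question or any AWS tooling: it works on plain dicts shaped like the relevant fields of the EC2 DescribeSubnets, DescribeRouteTables and DescribeNatGateways responses, and it builds both the question's original single-NAT design and option A's per-AZ design as constructed sample data. The subnet, route table and NAT gateway identifiers, the Availability Zone names and the `build_sample` helper are assumptions made for illustration.

```python
"""Audit private subnets for cross-AZ NAT gateway dependencies (added example)."""

DEFAULT_ROUTE = "0.0.0.0/0"


def nat_gateway_az(nat_id, nat_gateways, subnets_by_id):
    """Return the AZ of a NAT gateway, via the (public) subnet it lives in."""
    for nat in nat_gateways:
        if nat["NatGatewayId"] == nat_id:
            return subnets_by_id[nat["SubnetId"]]["AvailabilityZone"]
    raise KeyError(f"unknown NAT gateway {nat_id}")


def route_table_for_subnet(subnet_id, route_tables):
    """Prefer the route table explicitly associated with the subnet, else the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def audit_private_subnets(subnets, route_tables, nat_gateways):
    """Return (subnet_id, subnet_az, nat_id, nat_az, status) for every private subnet.

    status is "same-az" (resilient, option A), "cross-az" (the single-NAT design,
    where a failure of the NAT gateway's AZ cuts off other zones) or "no-nat-route".
    Subnets whose default route goes to an internet gateway are public and skipped.
    """
    subnets_by_id = {s["SubnetId"]: s for s in subnets}
    findings = []
    for subnet in subnets:
        rt = route_table_for_subnet(subnet["SubnetId"], route_tables)
        routes = (rt or {}).get("Routes", [])
        nat_id = None
        for route in routes:
            if route.get("DestinationCidrBlock") == DEFAULT_ROUTE and "NatGatewayId" in route:
                nat_id = route["NatGatewayId"]
        if nat_id is None:
            has_igw = any(r.get("GatewayId", "").startswith("igw-") for r in routes)
            if not has_igw:
                findings.append((subnet["SubnetId"], subnet["AvailabilityZone"], None, None, "no-nat-route"))
            continue
        nat_az = nat_gateway_az(nat_id, nat_gateways, subnets_by_id)
        status = "same-az" if nat_az == subnet["AvailabilityZone"] else "cross-az"
        findings.append((subnet["SubnetId"], subnet["AvailabilityZone"], nat_id, nat_az, status))
    return findings


def build_sample(per_az_nat):
    """Construct a three-AZ VPC description (sample data, not from a real account).

    per_az_nat=False is the question's original design: one NAT gateway in the
    first AZ, shared by every private subnet. per_az_nat=True is option A.
    """
    azs = ["us-east-1a", "us-east-1b", "us-east-1c"]  # assumed AZ names
    subnets, route_tables, nat_gateways = [], [], []
    for i, az in enumerate(azs):
        suffix = az[-1]
        subnets.append({"SubnetId": f"subnet-pub-{suffix}", "AvailabilityZone": az})
        subnets.append({"SubnetId": f"subnet-priv-{suffix}", "AvailabilityZone": az})
        if per_az_nat or i == 0:  # NAT gateways are placed in public subnets
            nat_gateways.append({"NatGatewayId": f"nat-{suffix}", "SubnetId": f"subnet-pub-{suffix}"})
    # All public subnets share one route table with a default route to the IGW.
    route_tables.append({
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": s["SubnetId"]} for s in subnets if "-pub-" in s["SubnetId"]],
        "Routes": [{"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-sample"}],
    })
    # One route table per private subnet, as option A requires.
    for az in azs:
        suffix = az[-1]
        nat_id = f"nat-{suffix}" if per_az_nat else "nat-a"
        route_tables.append({
            "RouteTableId": f"rtb-private-{suffix}",
            "Associations": [{"SubnetId": f"subnet-priv-{suffix}"}],
            "Routes": [{"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": nat_id}],
        })
    return subnets, route_tables, nat_gateways


def cross_az_dependencies(per_az_nat):
    """Subnet ids whose default route depends on a NAT gateway in another AZ."""
    findings = audit_private_subnets(*build_sample(per_az_nat))
    return sorted(f[0] for f in findings if f[4] == "cross-az")


if __name__ == "__main__":
    for label, flag in (("single NAT gateway", False), ("NAT gateway per AZ", True)):
        print(f"{label}: cross-AZ dependencies = {cross_az_dependencies(flag)}")
```

Against the original design the audit flags the two private subnets outside the NAT gateway's zone; against option A it flags nothing, which is exactly the property the correct answer restores. Feeding it real account data means replacing `build_sample` with the corresponding `describe_*` calls, which is left as an exercise and is not shown on this page.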