Exam AWS Certified SysOps Administrator - Associate topic 1 question 294 discussion

A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones. The application calls a third-party API over the public internet. A SysOps administrator must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application.

Which solution will meet these requirements?

  • A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones.
  • B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IP address with all the instances in the Availability Zone.
  • C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to the internet through the private IP address of the NLB.
  • D. Update the main route table to send the traffic to the internet through an Elastic IP address that is assigned to each instance.
Suggested Answer: A
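
As an added example (not part of the original question or any commenter's post): a Python check over data shaped like the EC2 DescribeSubnets, DescribeRouteTables and DescribeNatGateways responses. It derives the static egress IP list that option A produces and flags application subnets whose traffic would leave from an address not on that list. The function name, subnet and NAT gateway IDs, region and IP addresses are constructed assumptions.

```python
# Added example: inputs mirror the EC2 DescribeSubnets / DescribeRouteTables /
# DescribeNatGateways response shapes. All IDs, AZ names and IPs are constructed.
def egress_allow_list(subnets, route_tables, nat_gateways, app_subnet_ids):
    """Return (sorted static IPs to hand to the third party, findings)."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nats = {n["NatGatewayId"]: n for n in nat_gateways}
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    ips, findings = set(), []
    for sid in app_subnet_ids:
        rt = explicit.get(sid, main)  # unassociated subnets inherit the main table
        default = next((r for r in (rt or {}).get("Routes", [])
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            findings.append((sid, "no default route"))
            continue
        nat = nats.get(default.get("NatGatewayId"))
        if nat is None or nat.get("State") != "available":
            # e.g. an internet gateway: instances leave with their own public IPs
            findings.append((sid, "default route is not an available NAT gateway"))
            continue
        if az_of.get(nat["SubnetId"]) != az_of.get(sid):
            findings.append((sid, "NAT gateway is in a different AZ"))
        ips.update(a["PublicIp"] for a in nat["NatGatewayAddresses"] if a.get("PublicIp"))
    return sorted(ips), findings

SUBNETS = [{"SubnetId": f"subnet-{k}{z}", "AvailabilityZone": f"us-east-1{z}"}
           for k in ("pub", "priv") for z in "abc"]
NATS = [{"NatGatewayId": f"nat-{z}", "SubnetId": f"subnet-pub{z}", "State": "available",
         "NatGatewayAddresses": [{"PublicIp": f"203.0.113.{i}"}]}
        for i, z in enumerate("abc", start=10)]
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priva"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"Associations": [{"SubnetId": "subnet-privb"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
]  # subnet-privc has no explicit association, so it falls back to the main table
APP_SUBNETS = ["subnet-priva", "subnet-privb", "subnet-privc"]

if __name__ == "__main__":
    print(egress_allow_list(SUBNETS, ROUTE_TABLES, NATS, APP_SUBNETS))
```

In the constructed data, subnet-privc inherits a main route table that points at an internet gateway, so its instances would reach the third party from addresses that are not on the list.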

Comments

Gomer
Highly Voted 1 year, 6 months ago
Selected Answer: A
From my perspective, you can't assign an elastic IP to multiple instances in an AZ. Also, the API will never see a private IP on the AWS side. To me, the answer is to have a static public IP (EIP) assigned to the NAT gateway in each AZ, and have the EC2 instances on a private subnet. Every time an instance hits the external API, the API is going to see one of three unchanging EIPs. Enough said.
upvoted 19 times
...
confusedyeti69
Most Recent 8 months, 2 weeks ago
Selected Answer: C
I literally can't see where in the question does it say the EC2 are in private subnets.
upvoted 1 times
...
TareDHakim
10 months, 1 week ago
Selected Answer: A
A load balancer was never meant to be used as a gateway for outbound traffic; that's what NAT Gateways are for!
upvoted 2 times
...
r2c3po
10 months, 3 weeks ago
Selected Answer: A
Option A: Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones. By deploying a NAT gateway in each public subnet and making it the default route for private subnets in the respective Availability Zones, the EC2 instances in the private subnets will use the NAT gateways to communicate with the third-party API over the internet. Each NAT gateway will have an Elastic IP address, providing a static IP address for the outbound traffic.
upvoted 2 times
...
[Removed]
1 year, 3 months ago
Selected Answer: A
AWS NAT Gateway is a highly available and horizontally scalable Network Address Translation (NAT) service. AWS NAT Gateway allows resources in a private subnet to connect to target resources outside the subnet using the NAT Gateway’s IP address. https://aws.amazon.com/blogs/networking-and-content-delivery/attach-multiple-ips-to-a-nat-gateway-to-scale-your-egress-traffic-pattern/ NLB does not provide egress traffic. It is for ingress.
upvoted 3 times
...
paultantony
1 year, 3 months ago
Selected Answer: C
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html When you create an internet-facing load balancer, you can optionally specify one Elastic IP address per subnet. If you do not choose one of your own Elastic IP addresses, Elastic Load Balancing provides one Elastic IP address per subnet for you. These Elastic IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer. You can't change these Elastic IP addresses after you create the load balancer.
upvoted 1 times
...
RayHK
1 year, 3 months ago
Answer A if under this situation https://stackoverflow.com/questions/54742522/assign-multiple-ec2-instances-to-one-elastic-ip
upvoted 2 times
...
RayHK
1 year, 3 months ago
How to communicate with the outside world with answer A? Can we use the EIP instead with an NLB? So answer B is not a good answer and cannot be assigned to hundreds of EC2 instances. Wondering if Ans C is correct, but it didn't mention the EIP in NLB... https://repost.aws/knowledge-center/elb-attach-elastic-ip-to-public-nlb
upvoted 1 times
...
Atest00678
1 year, 4 months ago
Selected Answer: C
When you create an internet-facing load balancer, you can optionally specify one Elastic IP address per subnet. If you do not choose one of your own Elastic IP addresses, Elastic Load Balancing provides one Elastic IP address per subnet for you. These Elastic IP addresses provide your load balancer with static IP addresses that will not change during the life of the load balancer
upvoted 3 times
...
thetnyeinmoe
1 year, 5 months ago
Selected Answer: B
Explanation: In this scenario, you need to provide a list of static IP addresses to a third party for allowing traffic from the application. The Elastic IP (EIP) address is a static, public IPv4 address that can be associated with an Amazon EC2 instance. By allocating one EIP in each Availability Zone and associating it with all the instances in that Availability Zone, you can provide the third party with a list of static IP addresses.
upvoted 2 times
...
Abdullxh
1 year, 6 months ago
Selected Answer: B
By allocating one Elastic IP address in each Availability Zone, the SysOps administrator can assign a unique static IP address to each instance running in that Availability Zone. Once the Elastic IP addresses are associated with the instances, the administrator can provide the list of Elastic IP addresses to the third-party API provider to allow traffic from the application.
upvoted 1 times
Gomer
1 year, 5 months ago
Since there are "hundreds of Amazon EC2" instances, three elastic IPs assigned to EC2 aren't going to work. However, assigning them to the 3 NAT gateways would work if the EC2 instances are in a private subnet and using the NAT Gateway to access the public web API.
upvoted 1 times
landsamboni
1 year, 5 months ago
ChatGPT answer: "Option A is not the optimal solution for the given requirements. Adding a NAT gateway in the public subnet of each Availability Zone and making it the default route of all private subnets in those Availability Zones would enable instances in the private subnets to communicate with the internet using the NAT gateway's public IP address. However, this solution does not provide a list of static IP addresses that can be shared with the third party to allow traffic from the application. The NAT gateway's public IP address is shared among all the instances in the private subnets and is not a dedicated static IP address per instance or per Availability Zone. Therefore, option A does not fulfill the requirement of providing a list of static IP addresses to the third party."
upvoted 1 times
landsamboni
1 year, 5 months ago
I'd go with B, but what do you think about the arguments towards A?
upvoted 1 times
...
...
...
...
AndyMartinez
1 year, 6 months ago
Selected Answer: A
Option A makes more sense to me.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other