Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 264 discussion

A company has migrated a legacy application to the AWS Cloud. The application runs on three Amazon EC2 instances that are spread across three Availability Zones. One EC2 instance is in each Availability Zone. The EC2 instances are running in three private subnets of the VPC and are set up as targets for an Application Load Balancer (ALB) that is associated with three public subnets.

The application needs to communicate with on-premises systems. Only traffic from IP addresses in the company's IP address range is allowed to access the on-premises systems. The company’s security team is bringing only one IP address from its internal IP address range to the cloud. The company has added this IP address to the allow list for the company firewall. The company also has created an Elastic IP address for this IP address.

A solutions architect needs to create a solution that gives the application the ability to communicate with the on-premises systems. The solution also must be able to mitigate failures automatically.

Which solution will meet these requirements?

  • A. Deploy three NAT gateways, one in each public subnet. Assign the Elastic IP address to the NAT gateways. Turn on health checks for the NAT gateways. If a NAT gateway fails a health check, recreate the NAT gateway and assign the Elastic IP address to the new NAT gateway.
  • B. Replace the ALB with a Network Load Balancer (NLB). Assign the Elastic IP address to the NLB. Turn on health checks for the NLB. In the case of a failed health check, redeploy the NLB in different subnets.
  • C. Deploy a single NAT gateway in a public subnet. Assign the Elastic IP address to the NAT gateway. Use Amazon CloudWatch with a custom metric to monitor the NAT gateway. If the NAT gateway is unhealthy, invoke an AWS Lambda function to create a new NAT gateway in a different subnet. Assign the Elastic IP address to the new NAT gateway.
  • D. Assign the Elastic IP address to the ALB. Create an Amazon Route 53 simple record with the Elastic IP address as the value. Create a Route 53 health check. In the case of a failed health check, recreate the ALB in different subnets.
Suggested Answer: C
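The replacement step that option C assigns to the Lambda function, as an added example that is not part of the original question or of any AWS sample. The function name, the resource IDs and the `FakeEC2` stand-in are constructed for illustration; the EC2 calls and waiter names are the boto3 ones, and the standby subnet is assumed to be another public subnet.

```python
# Added example: NAT gateway failover that keeps the one allow-listed Elastic IP.
# Resource IDs and FakeEC2 are constructed; pass boto3.client("ec2") in Lambda.
def fail_over_nat(ec2, failed_nat_id, allocation_id, standby_subnet_id):
    # Record the routes that target the failed gateway before deleting it.
    tables = ec2.describe_route_tables(
        Filters=[{"Name": "route.nat-gateway-id", "Values": [failed_nat_id]}]
    )["RouteTables"]
    routes = [(t["RouteTableId"], r["DestinationCidrBlock"])
              for t in tables for r in t["Routes"]
              if r.get("NatGatewayId") == failed_nat_id
              and "DestinationCidrBlock" in r]
    # The Elastic IP stays associated with the old gateway until deletion
    # completes, so wait before reusing the allocation.
    ec2.delete_nat_gateway(NatGatewayId=failed_nat_id)
    ec2.get_waiter("nat_gateway_deleted").wait(NatGatewayIds=[failed_nat_id])
    new_id = ec2.create_nat_gateway(
        SubnetId=standby_subnet_id, AllocationId=allocation_id
    )["NatGateway"]["NatGatewayId"]
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[new_id])
    # Repoint each private route table so egress resumes from the same IP.
    for table_id, cidr in routes:
        ec2.replace_route(RouteTableId=table_id, DestinationCidrBlock=cidr,
                          NatGatewayId=new_id)
    return new_id, routes

class FakeEC2:
    """Offline stand-in that records calls in order (constructed test double)."""
    def __init__(self):
        self.calls = []
    def describe_route_tables(self, Filters):
        return {"RouteTables": [{"RouteTableId": f"rtb-private-{az}", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-old"},
        ]} for az in "abc"]}
    def delete_nat_gateway(self, **kw):
        self.calls.append(("delete", kw["NatGatewayId"]))
    def create_nat_gateway(self, **kw):
        self.calls.append(("create", kw["SubnetId"], kw["AllocationId"]))
        return {"NatGateway": {"NatGatewayId": "nat-new"}}
    def replace_route(self, **kw):
        self.calls.append(("route", kw["RouteTableId"], kw["NatGatewayId"]))
    def get_waiter(self, name):
        self.calls.append(("wait", name))
        return self
    def wait(self, **kw):
        pass

if __name__ == "__main__":
    print(fail_over_nat(FakeEC2(), "nat-old", "eipalloc-example", "subnet-public-b"))
```

Both waiters poll until the state change completes, so the Lambda timeout has to cover them.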

Comments

AMohanty
Highly Voted 1 year, 8 months ago
Isn't NAT Gateway AWS managed? Why do we need to check if NAT GW is healthy?
upvoted 8 times
bhanus
Highly Voted 1 year, 10 months ago
Selected Answer: C
I go with C. A is incorrect because you don't need 3 NAT gateways. B does not make sense to replace ALB. D - you cannot assign Elastic IP to ALB.
upvoted 6 times
gd1
1 year, 10 months ago
A NAT (Network Address Translation) Gateway enables instances in a private subnet to connect to the internet or other AWS services but prevents the internet from initiating a connection with those instances. By using a single NAT gateway with the provided Elastic IP address, all outbound traffic will appear to come from the single, whitelisted IP address that the company allows.
upvoted 3 times
career360guru
Most Recent 1 year, 1 month ago
Selected Answer: C
Option C is best, as there is only one IP address that can be used. Option A = 3 NAT gateways are not needed.
upvoted 2 times
career360guru
1 year, 5 months ago
Selected Answer: C
This question is a little unclear. It does not state whether the communication between on-premise system and AWS is outbound or inbound in nature. If it is outbound then C makes sense.
upvoted 5 times
Daniel76
8 months, 4 weeks ago
The design should "gives the application the ability to communicate with the on-premises systems", so it is outbound.
upvoted 1 times
alonis2201
1 year, 5 months ago
Also think about B option to assign an IP address to NLB.
upvoted 2 times
ggrodskiy
1 year, 9 months ago
Correct C.
upvoted 1 times
study_aws1
1 year, 9 months ago
All seemed good for option C) till I encountered this sentence - "The company’s security team is bringing only one IP address from its internal IP address range to the cloud." - Please note internal IP not external IP. Which seems to imply there is a connectivity between on-premises & Cloud (either through Site-to-Site VPN or DX), though not explicitly mentioned in the question. In such a case, NAT gateway with Public subnet will not help. Option B) will become a viable solution in this case.
upvoted 2 times
chikorita
1 year, 8 months ago
Elastic IPs themselves are public whether you choose B or C. Option C is perfect for this use-case unless you associate ALB as target for NLB.
upvoted 2 times
NikkyDicky
1 year, 10 months ago
Selected Answer: C
C makes some sense
upvoted 1 times
SmileyCloud
1 year, 10 months ago
Selected Answer: C
C - single NAT if only one Elastic IP is available.
upvoted 2 times
Alabi
1 year, 10 months ago
Selected Answer: C
Option C provides the most appropriate solution by using a single NAT gateway, monitoring its health with CloudWatch, and invoking a Lambda function to create a new NAT gateway if necessary.
upvoted 3 times
shree2023
1 year, 10 months ago
Selected Answer: C
C is the answer; single NAT is needed.
upvoted 1 times
PhuocT
1 year, 10 months ago
I think it's C.
upvoted 1 times
psyx21
1 year, 10 months ago
Selected Answer: C
Correct Answer is C
upvoted 1 times