ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 448 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 448
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company has a standard three-tier architecture using two Availability Zones. During the company's off season, users report that the website is not working. The
Solutions Architect finds that no changes have been made to the environment recently, the website is reachable, and it is possible to log in. However, when the
Solutions Architect selects the `find a store near you` function, the maps provided on the site by a third-party RESTful API call do not work about 50% of the time after refreshing the page. The outbound API calls are made through Amazon EC2 NAT instances.
What is the MOST likely reason for this failure and how can it be mitigated in the future?

  • A. The network ACL for one subnet is blocking outbound web traffic. Open the network ACL and prevent administration from making future changes through IAM.
  • B. The fault is in the third-party environment. Contact the third party that provides the maps and request a fix that will provide better uptime.
  • C. One NAT instance has become overloaded. Replace both EC2 NAT instances with a larger-sized instance and make sure to account for growth when making the new instance size.
  • D. One of the NAT instances failed. Recommend replacing the EC2 NAT instances with a NAT gateway.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by awsec2 at Sept. 14, 2019, 1:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
donathon
Highly Voted 3 years, 9 months ago
D A: Network ACL is stateless and hence return traffic must be explicitly allowed by rules. If outbound is not allowed then how can the webpage load 100% of the time? B: This is not possible since it only fails 50% of the time which means only 1 AZ is affected. C: Unlikely to cause exactly 50% failure. API calls should not be load intensive. D: Assuming NAT instance HA is not configured. https://aws.amazon.com/articles/high-availability-for-amazon-vpc-nat-instances-an-example/
upvoted 34 times
JohnyGaddar
3 years, 9 months ago
logic for A seems incorrect , it mentions outbound calls(call to restapi) are restricted via NACL which is possible. The correct reason is that there has no changes made in the environment , so A cannot be the option
upvoted 5 times
sarah_t
3 years, 8 months ago
A failed instance is not a "change" though, as changes are (more or less) intentional.
upvoted 2 times
...
...
...
awsec2
Highly Voted 3 years, 9 months ago
why not d
upvoted 8 times
...
steed47
Most Recent 1 year, 3 months ago
Answer is D. In real life, I go for B for sure
upvoted 1 times
...
SkyZeroZx
2 years ago
Selected Answer: D
It should be D, but the answer should say NAT Gateways as we need one NAT gateway in each AZ.
upvoted 1 times
...
AMEJack
2 years, 1 month ago
Selected Answer: D
It should be D, but the answer should say NAT Gateways as we need one NAT gateway in each AZ.
upvoted 1 times
...
dmscountera
2 years, 9 months ago
Selected Answer: D
Based on all comments
upvoted 1 times
...
Ni_yot
3 years, 5 months ago
D for me. the NAT instances are deployed in 2 AZs so when one fails thats 50% of the routing down. So best to replace the NAT with a Gateway. Why not use a GW in the first place anyways
upvoted 2 times
...
challenger1
3 years, 6 months ago
My Answer: D
upvoted 1 times
...
AzureDP900
3 years, 7 months ago
D is perfect . Thanks donathon for detail explanation !
upvoted 1 times
...
andylogan
3 years, 8 months ago
It's D
upvoted 1 times
...
WhyIronMan
3 years, 8 months ago
I'll go with D
upvoted 2 times
...
Waiweng
3 years, 8 months ago
it's D
upvoted 2 times
...
Pupu86
3 years, 8 months ago
can't be B as question has also indicated as "off-peak" season so no way the NAT instance would be overloaded.
upvoted 2 times
...
kiev
3 years, 8 months ago
D for me is the answer and the replacement with Nat Gatway will solve any elasticity issue.
upvoted 1 times
...
Kian1
3 years, 8 months ago
D is my choice
upvoted 2 times
...
LoganIsh
3 years, 8 months ago
D is the right choice to replacing NAT gateway
upvoted 2 times
...
Ebi
3 years, 8 months ago
Definitely D
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel