Exam AWS Certified SysOps Administrator - Associate topic 1 question 39 discussion

A - NAT gateway does not support IPv6 D - NAT gateway itself has issues or not yet ready

A and D Causes The cause of this problem might be one of the following: The NAT gateway is not ready to serve traffic. Your route tables are not configured correctly. Your security groups or network ACLs are blocking inbound or outbound traffic. You're using an unsupported protocol.

A - TCP, UDP & ICMP only D - Must be in available state https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection

https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-unsupported-az From the doc above: - AZ is unsupported - C - Must be in Available state - D

https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection

A D are correct answers

Only CD Security group, port forwarding and protocol do not play a direct role in accessing the internet. As EC2 instances are in private subnet, 0.0.0.0/0 - nat-gateway-id entry is required to access internet and that option is not mentioned in the answers so CD are left as possible answers.

A & D Wrong protocol and nat not available

Please correct answer to AD

Please correct answer to AD

A & D for now. My research suggests that either A, C or D could be correct (see quotes and URL below). However, in analyzing the wording, I think "C" might be incorrect IF the NAT Gateway creation fails due to NotAvailableInZone error. If the NAT Gateway "object" still get's created, but is just not available due to the error, then C is back in play. Not sure if question is tricky or is just bad. A: "Ensure that your connection is using a TCP, UDP, or ICMP protocol only." C: If creation of NAT Gateway generates a "NotAvailableInZone" error, the "Availability Zone is unsupported" because it is constrained from being expanded D: "Check that the NAT gateway is in the Available state." and "here may have been an error when it was created") (see: "Troubleshoot NAT gateways") https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html

For sure.

A y D, as documentation said. The cause of this problem might be one of the following: The NAT gateway is not ready to serve traffic. Your route tables are not configured correctly. Your security groups or network ACLs are blocking inbound or outbound traffic. You're using an unsupported protocol. In case Availability Zone you were not able to create the NAT Gateway as you were got an error.

Instances cannot access the internet Problem You created a public NAT gateway and followed the steps to test it, but the ping command fails, or your instances in the private subnet cannot access the internet. Causes The cause of this problem might be one of the following: The NAT gateway is not ready to serve traffic. Your route tables are not configured correctly. Your security groups or network ACLs are blocking inbound or outbound traffic. You're using an unsupported protocol. Solution Check the following information: Check that the NAT gateway is in the Available state. In the Amazon VPC console, go to the NAT Gateways page and view the status information in the details pane. If the NAT gateway is in a failed state, there may have been an error when it was created. For more information, see NAT gateway creation fails. Reference: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html

The possible reasons for this problem are options A and D: the application is using a protocol that the NAT gateway does not support, or the NAT gateway is not in the Available state. If the application is using a protocol that the NAT gateway does not support, it will not be able to access the internet through the NAT gateway. Similarly, if the NAT gateway is not in the Available state, it will not be able to provide internet access to the EC2 instances. The other options, B, C, and E, are not possible reasons for this problem.

Thinking about A, I believe its not a matter of protocol once application was behind NAT Instances and I was supposed to be working...Thats why I vote for C and D.

Ans: D Ref.https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection