AWS Certified Solutions Architect - Professional Exam Questions

AWS Certified Solutions Architect - Professional Exam - Question 54


You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTPS connections to specific domains from their EC2-hosted applications. You deploy a single EC2 instance running proxy software and configure it to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration. You have a nightly maintenance window of 10 minutes where all instances fetch new software updates. Each update is about 200MB in size and there are 500 instances in the VPC that routinely fetch updates. After a few days you notice that some machines are failing to successfully download some, but not all, of their updates within the maintenance window. The download URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances.

What might be happening? (Choose two.)

Correct Answer: AD

Given the scenario where some EC2 instances are failing to download updates within the maintenance window, the most plausible reasons are as follows: The proxy EC2 instance may be undersized, leading to insufficient network throughput to handle the combined traffic for all instances downloading updates at the same time. Additionally, if the proxy is not allocated enough storage, its network buffer could fill up, causing some requests to fail. These are the likely reasons for the intermittent failures rather than issues related to NAT instances or EIPs, which are not mentioned as part of the architecture.

Discussion

10 comments
cldy
Sep 23, 2021

A. B. possible reasons for the "failing to successfully download some, but not all of their updates" requirement.

kenkool
Sep 28, 2021

AD is the answer

JPA210 (Options: AD)
Feb 7, 2024

B is not plausible, because no-one uses NAT instances anymore, NAT Gateway is what is used nowadays. C and E simply don't make sense, so the only possible ones are A and D.

Malcnorth59
Nov 2, 2021

A. E. is the answer

sTeVe86
Feb 15, 2022

E is incorrect, otherwise all failed.

01037
Nov 3, 2021

I'll choose A&B. D looks like a correct answer, but I think it depends on the proxy software and nothing is mentioned about it.

Juks
Dec 25, 2021

A and B https://acloud.guru/forums/aws-certified-solutions-architect-professional/discussion/-KGXk5Feqh4hQm1Bjt9U/tricky_network_question

TechX (Options: AB)
Jul 1, 2022

Answer: AB Explanation: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-ec2-config.html

shammous (Options: AD)
Jan 8, 2024

There is no mention of NAT instance so I would rule answer B out. The only plausible answer involving the proxy is C.

amministrazione
Aug 16, 2024

A. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time. D. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.

arsovai (Options: AB)
May 4, 2025

A, B. If you have 500 x3 large instances behind a t3 NAT gateway micro instance, then the NAT gateway is not sufficiently sized to handle the routing