Topic 1 Question 216

AWS Certified Advanced Networking - Specialty

Topic 1 Question 216
A company is using third-party firewall appliances to monitor and inspect traffic on premises. The company wants to use the same model on AWS. The Company has a single VPC with an internet gateway. The VPC has a fleet of web servers that run on Amazon EC2 instances that are managed by an Auto Scaling group.

The company’s network team needs to work with the security team to establish inline inspection of all packets that are sent to and from the web servers. The solution must scale as the fleet of virtual firewall appliances scales

Which combination of steps should the network team take to implement this solution?

3 つ選択
- Create a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.
- Create a security group for use with the firewall appliances, and allow port 443. Allow a port for the Galeway Load Balancer to perform health checks.
- Create a security group for use with the firewall appliances, and allow port 6081. Allow a port for the Gateway Load Balancer to perform health checks.
- Deploy a fleet of firewall appliances to the existing VPC. Create a Gateway Load Balancer. Add the firewall appliances as targets.
- Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
- Create a new route table inside the web server VPC. Create a new edge association with the internet gateway. Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
ユーザの投票
コメント(8)
- ACE is answer! B. Port 443 is for HTTPS traffic, but this does not apply to the Gateway Load Balancer D. Deploying the firewalls in the same VPC as the web servers complicates routing and scaling F. Creating a new edge association with the internet gateway is unnecessary. Updating the existing route tables (as described in Option E) is sufficient to route traffic through the Gateway Load Balancer.
  
  👍 5
  woorkim2024/12/16
- 正解だと思う選択肢: ACE
  https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html
  
  👍 3
  qomtodie2024/08/30
- 正解だと思う選択肢: ACE
  ACE is good for this case
  
  👍 3
  VerRi2024/09/28
シャッフルモード

ユーザの投票

コメント(8)