Topic 1 Question 230
Choose two.
A company is using AWS Cloud WAN with one edge location in the us-east-1 Region and one edge location in the us-west-1 Region. A shared services segment exists at both edge locations. Each shared services segment has a VPC attachment to each inspection VPC in each Region. The inspection VPCs inspect traffic from a WAN by using AWS Network Firewall.
The company creates a new segment for a new business unit (BU) in the us-east-1 edge location. The new BU has three VPCs that are attached to the new BU segment. To comply with regulations, the BU VPCs must not communicate with each other. All internet-bound traffic must be inspected in the inspection VPC.
The company updates VPC route tables so that any traffic that is bound for the internet goes to the AWS Cloud WAN core network.
The company plans to add more VPCs for the new BU in the future. All future VPCs must comply with regulations.
Which solution will meet these requirements in the MOST operationally efficient way?
A. Update the network policy to share the shared services segment with the BU segment.
B. Create a network policy to share the inspection service segment with the BU segment.
C. Set the isolate-attachments field to True for the BU segment.
D. Set the isolate-attachments field to False for the BU segment.
E. Update the network policy to add static routes for the BU segment. Configure the shared services segment to route traffic related to VPC CIDR blocks to each respective VPC attachment.
Comments (2)
A & C. There is no mention of an inspection segment in the question. The only segment mentioned in the question is the shared services segment, which is why A is correct.
👍 3 304faa7 2024/11/18
Selected answer: AC
Options A + C provide the most scalable solution:
- No need to update routes for each new VPC
- Automatic handling of traffic flows
- Maintains compliance automatically for future VPCs
👍 2 woorkim 2024/12/22
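As an added example (not part of the question or the comments), the following check reads a Cloud WAN core network policy document and reports whether the two settings the commenters chose, options A and C, are present for a BU segment. The policy fragment is constructed, and the segment names `sharedservices` and `newbu` and the helper names are assumptions. Both settings are segment-level, so the check does not change when more VPCs are attached.

```python
import json

# Constructed policy fragment. The segment names "sharedservices" and "newbu"
# are assumptions; the page does not name the segments.
POLICY = json.loads("""
{
  "version": "2021.12",
  "segments": [
    {"name": "sharedservices", "edge-locations": ["us-east-1", "us-west-1"]},
    {"name": "newbu", "edge-locations": ["us-east-1"],
     "isolate-attachments": true}
  ],
  "segment-actions": [
    {"action": "share", "mode": "attachment-route",
     "segment": "sharedservices", "share-with": ["newbu"]}
  ]
}
""")


def shares_with(action, target):
    """True if a share action's share-with value covers the target segment."""
    sw = action.get("share-with", [])
    if sw == "*":
        return True
    if isinstance(sw, dict):  # {"except": [...]} form
        return target not in sw.get("except", [])
    return target in sw


def audit_segment(policy, bu, shared):
    """Return findings for the BU segment; an empty list means both settings hold."""
    seg = next((s for s in policy.get("segments", []) if s.get("name") == bu), None)
    if seg is None:
        return [f"segment {bu!r} is not defined"]
    findings = []
    # A missing isolate-attachments key means false, so it is a finding too.
    if seg.get("isolate-attachments") is not True:
        findings.append(f"{bu}: isolate-attachments is not true")
    if not any(a.get("action") == "share" and a.get("segment") == shared
               and shares_with(a, bu) for a in policy.get("segment-actions", [])):
        findings.append(f"{bu}: no share action from {shared}")
    return findings


if __name__ == "__main__":
    print(audit_segment(POLICY, "newbu", "sharedservices") or "ok")
```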