Topic 1 Question 256
A company uses AWS Network Firewall to protect outgoing traffic for multiple VPCs that are in the same AWS account. Each VPC contains Amazon EC2 instances that host the company's applications. Each EC2 instance is tagged with the name of the application it hosts. The EC2 instances are in Auto Scaling groups.
A Network Firewall stateful rule group must remain up-to-date, even when an Auto Scaling group launches and terminates EC2 instances.
Which solution will meet this requirement with the LEAST implementation and administrative effort?
A. Create a network ACL for each application. Reference the network ACL in the stateful rule group.
B. Create a prefix list for each application. Reference the prefix list in the stateful rule group.
C. Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.
D. Create a resource group for each application name. Reference the Amazon Resource Name (ARN) for the resource groups in the stateful rule group.
Comments (2)
- Selected answer: D
D: because a tag-based resource group can be created: see https://docs.aws.amazon.com/network-firewall/latest/developerguide/resource-groups.html
👍 3 c1193d4 2025/01/07
- Selected answer: D
because:
  - Resource groups automatically update membership based on tags
  - No ongoing maintenance required once set up
  - Handles Auto Scaling events automatically
  - Minimal implementation effort (just create groups and reference ARNs)
  - No custom code or manual updates needed
  - Works with Network Firewall's native capabilities
👍 2 woorkim 2025/01/13