Topic 1 Question 7

AWS Certified Advanced Networking - Specialty

Topic 1 Question 7
A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the on-premises environment must be encrypted in transit. All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment or to the internet. The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure these components and protect them against DDoS attacks. The architecture also must provide protection against financial liability for services that scale out during a DDoS event. Which combination of steps should the network engineer take to meet all these requirements for the workload?

3 つ選択
- Use Traffic Mirroring to copy all traffic to a fleet of traffic capture appliances.
- Set up AWS WAF on all network components.
- Configure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses.
- Use AWS Direct Connect with MACsec support for connectivity to the cloud.
- Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.
- Configure AWS Shield Advanced and ensure that it is configured on all public assets.
ユーザの投票
コメント(10)
- D) - All data to and from the on-premises environment must be encrypted in transit. (Use AWS Direct Connect with MACsec support for connectivity to the cloud.) E) - All traffic also must be inspected in the cloud before the traffic is allowed to leave the cloud and travel to the on-premises environment (Use Gateway Load Balancers to insert third-party firewalls for inline traffic inspection.) F) - The architecture also must provide protection against financial liability for services that scale out during a DDoS event.(Configure AWS Shield Advanced and ensure that it is configured on all public assets) F) -
  
  👍 8
  study_aws12023/03/18
- 正解だと思う選択肢: DEF
  D https://docs.aws.amazon.com/directconnect/latest/UserGuide/MACsec.html E https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/introduction.html F https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-summary.html
  
  👍 6
  Untamables2023/03/31
- DEF - DX doesnt natively provide encryption - you would need to run mac-sec or vpn over the DX connection
  
  👍 5
  Narayan2023/03/18
シャッフルモード

ユーザの投票

コメント(10)