Topic 1 Question 107
A systems engineer is troubleshooting the connectivity of a test environment that includes a virtual security appliance deployed inline. In addition to using the virtual security appliance, the development team wants to use security groups and network ACLs to accomplish various security requirements in the environment.
What configuration is necessary to allow the virtual security appliance to route the traffic?
Disable network ACLs.
Configure the security appliance's elastic network interface for promiscuous mode.
Disable the Network Source/Destination check on the security appliance's elastic network interface.
Place the security appliance in the public subnet with the internet gateway.
ユーザの投票
コメント(8)
- 正解だと思う選択肢: C
Option C is the correct solution.
To allow a virtual security appliance deployed inline to route traffic between subnets, the Network Source/Destination Check needs to be disabled on its elastic network interface. This enables the appliance to receive traffic that is not specifically addressed to itself.
Option A is incorrect because disabling network ACLs is not required for a virtual appliance deployment and would reduce security.
Option B mentions promiscuous mode which applies to physical network interfaces, not virtual ones in AWS.
Option D places the appliance in the public subnet which may help route internet traffic but does not address routing between private subnets. Disabling the Source/Destination Check is required to enable that routing functionality.
👍 4azure4life2024/06/14 - 正解だと思う選択肢: C
C is correct
👍 3[Removed]2024/05/25 - 正解だと思う選択肢: C👍 3kejam2024/05/31
シャッフルモード