Topic 1 Question 19
A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets. A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
B. Create an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.
C. Deploy a transit gateway in the inspection VPC. Configure route tables to route the incoming packets through the transit gateway.
D. Deploy a Gateway Load Balancer in the inspection VPC. Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance.
Comments (17)
Answer is D. Use Gateway Load Balancer. REF: https://aws.amazon.com/blogs/networking-and-content-delivery/scaling-network-traffic-inspection-using-aws-gateway-load-balancer/
👍 25 CloudGuru99 2022/10/08
It's D, because Gateway Load Balancer is a new type of load balancer that operates at layer 3 of the OSI model and is built on Hyperplane, which is capable of handling several thousands of connections per second. Gateway Load Balancer endpoints are configured in spoke VPCs originating or receiving traffic from the Internet. This architecture allows you to perform inline inspection of traffic from multiple spoke VPCs in a simplified and scalable fashion while still centralizing your virtual appliances.
👍 22 pm2229 2022/11/06
- Selected answer: D
Keywords: Third-party virtual firewall appliance from AWS Marketplace in an inspection VPC -> only Gateway Load Balancer supports it
A: Incorrect - Network Load Balancer doesn't support routing traffic to a third-party virtual firewall appliance.
B: Incorrect - Application Load Balancer doesn't support routing traffic to a third-party virtual firewall appliance.
C: Incorrect - Transit Gateway is used as a connection center to connect all VPCs, Direct Connect gateways and VPN connections. Route tables in Transit Gateway only limit which VPCs can talk to other VPCs.
D: Correct - Gateway Load Balancer supports routing traffic to a third-party virtual firewall appliance at layer 3, which makes it different from ALB and NLB.
👍 16 PhucVuu 2023/04/06