Topic 1 Question 471
A company uses AWS Organizations. The company runs two firewall appliances in a centralized networking account. Each firewall appliance runs on a manually configured highly available Amazon EC2 instance. A transit gateway connects the VPC from the centralized networking account to VPCs of member accounts. Each firewall appliance uses a static private IP address that is then used to route traffic from the member accounts to the internet.
During a recent incident, a badly configured script initiated the termination of both firewall appliances. During the rebuild of the firewall appliances, the company wrote a new script to configure the firewall appliances at startup.
The company wants to modernize the deployment of the firewall appliances. The firewall appliances need the ability to scale horizontally to handle increased traffic when the network expands. The company must continue to use the firewall appliances to comply with company policy. The provider of the firewall appliances has confirmed that the latest version of the firewall code will work with all AWS services.
Which combination of steps should the solutions architect recommend to meet these requirements MOST cost-effectively? (Choose three.)
A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.
B. Deploy a Network Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.
C. Create an Auto Scaling group and a launch template that uses the new script as user data to configure the firewall appliances. Create a target group that uses the instance target type.
D. Create an Auto Scaling group. Configure an AWS Launch Wizard deployment that uses the new script as user data to configure the firewall appliances. Create a target group that uses the IP target type.
E. Create VPC endpoints in each member account. Update the route tables to point to the VPC endpoints.
F. Create VPC endpoints in the centralized networking account. Update the route tables in each member account to point to the VPC endpoints.
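The following CloudFormation template is an added example, not part of the original question or any vendor's code. It sketches how the Gateway Load Balancer, Auto Scaling group with a launch-template user-data script, PrivateLink endpoint service and centralized-account GWLB endpoint fit together, which is the arrangement the comments below argue for. Every parameter value (VPC, subnets, AMI, route table), the instance type, the health-check port, the scaling target value and the `/opt/firewall/bootstrap.sh` script path are placeholders or assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - GWLB-fronted firewall Auto Scaling group with a centralized GWLB endpoint.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # centralized networking VPC (assumption)
  ApplianceSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # one appliance subnet per AZ (assumption)
  EndpointSubnetId:
    Type: AWS::EC2::Subnet::Id         # subnet for the GWLB endpoint; one endpoint per AZ
  FirewallAmiId:
    Type: AWS::EC2::Image::Id          # vendor firewall AMI (placeholder)
  TgwSubnetRouteTableId:
    Type: String                       # route table of the subnets that receive TGW traffic

Resources:
  # Gateway Load Balancer: distributes GENEVE-encapsulated flows to the appliances
  FirewallGwlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: gateway
      Subnets: !Ref ApplianceSubnetIds

  # GWLB target groups always use GENEVE on 6081; instance targets let the
  # Auto Scaling group register and deregister appliances on its own
  FirewallTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: GENEVE
      Port: 6081
      TargetType: instance
      HealthCheckProtocol: TCP
      HealthCheckPort: "22"            # assumption: adjust to the appliance's health port

  FirewallListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref FirewallGwlb
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref FirewallTargetGroup

  # Launch template carries the startup configuration script as user data
  FirewallLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref FirewallAmiId
        InstanceType: c6in.large       # assumption
        MetadataOptions:
          HttpTokens: required         # IMDSv2 only
        UserData:
          Fn::Base64: |
            #!/bin/bash
            # Placeholder for the company's own appliance configuration script
            /opt/firewall/bootstrap.sh

  # Auto Scaling group keeps at least one appliance per AZ and scales out on load
  FirewallAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: "2"
      MaxSize: "6"
      VPCZoneIdentifier: !Ref ApplianceSubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref FirewallLaunchTemplate
        Version: !GetAtt FirewallLaunchTemplate.LatestVersionNumber
      TargetGroupARNs:
        - !Ref FirewallTargetGroup
      HealthCheckType: ELB
      HealthCheckGracePeriod: 300

  FirewallScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref FirewallAsg
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageNetworkIn
        TargetValue: 5000000000        # average bytes per instance; assumption

  # PrivateLink endpoint service backed by the GWLB
  FirewallEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      GatewayLoadBalancerArns:
        - !Ref FirewallGwlb
      AcceptanceRequired: false

  # GWLB endpoint in the centralized VPC; member accounts reach it through the TGW
  FirewallGwlbEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: GatewayLoadBalancer
      ServiceName: !Sub "com.amazonaws.vpce.${AWS::Region}.${FirewallEndpointService}"
      VpcId: !Ref VpcId
      SubnetIds:
        - !Ref EndpointSubnetId

  # Internet-bound traffic arriving from the TGW is steered into the firewall fleet
  InternetViaFirewallRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref TgwSubnetRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      VpcEndpointId: !Ref FirewallGwlbEndpoint
```

Two points the template leaves out for brevity: a GWLB endpoint is zonal, so a multi-AZ design repeats the `FirewallGwlbEndpoint` resource once per AZ, and the endpoint subnets need their own route table entries back to the transit gateway for the member-account CIDRs and on to the NAT path for the inspected return traffic. Because the target group uses the instance target type, the Auto Scaling group handles registration, and a terminated appliance is replaced and registered without the manual static-IP rework the question describes.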
Comments (17)
- Selected answer: ACF
The endpoint is created in the centralized account only.
👍 13
yog927 2024/03/30 - Selected answer: ACF
A - Gateway Load Balancer is the LB type used to redirect traffic to traffic-inspection devices like firewalls; this is done via the GENEVE network protocol. (correct)
B - NLB could not be used; NLB does not support the GENEVE protocol. (incorrect)
C - ASG is the way to go for this scenario; in addition, Auto Scaling policies could be added to add more instances during traffic spikes and reduce them when there are no traffic spikes. (correct)
D - Launch Wizard works directly with EC2 and EBS resources; I didn't see any integration with ASG. (incorrect)
E - Works, but it's not cost effective: VPCEs have a price of $0.01/hour/AZ each, so if you have a GWLB in multi-AZ you would pay (1 VPCE * number of AZs * number of member accounts). (incorrect - not cost effective)
F - Since a transit gateway is used, all traffic could be routed to the centralized networking account, and there 0.0.0.0/0 traffic would go to the GWLB endpoints, so instead of multiple VPC endpoints you would only have 1 VPCE * number of AZs. (correct)
👍 7
blackname 2024/05/12 - Selected answer: ACE
👍 5
grandcanyon 2024/07/02