Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 1 Question 42 Discussion

A company is planning to host external websites on AWS. The websites will include multiple tiers such as web servers, application logic services, and databases. The company wants to use AWS Network Firewall. AWS WAR and VPC security groups for network security.The company must ensure that the Network Firewall firewalls are deployed appropriately within relevant VPCs. The company needs the ability to centrally manage policies that are deployed to Network Firewall and AWS WAF rules. The company also needs to allow application teams to manage their own security groups while ensuring that the security groups do not allow overly permissive access.What is the MOST operationally efficient solution that meets these requirements?
D) Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code. Use AWS CloudFormation to deploy the objects and initial policies and rule groups. Use AWS Firewall Manager to manage the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to monitor for overly permissive rules.
A) Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code Use AWS CloudFormation to deploy the objects and Initial policies and rule groups. Use CloudFormation to update the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to monitor for overly permissive rules.
B) Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code. Use the AWS Management Console or the AWS CLI to manage the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to invoke an AWS Lambda function to evaluate the configured rules and remove any overly permissive rules.
C) Deploy AWS WAFv2 IP sets and AWS WAFv2 web ACLs with AWS CloudFormation. Use AWS Firewall Manager to deploy Network Firewall firewalls and VPC security groups where required and to manage the AWS WAFv2 web ACLs, Network Firewall policies, and VPC security groups.

Amazon ANS-C01 Exam - Topic 1 Question 42 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 42
Topic #: 1
[All ANS-C01 Questions]

A company is planning to host external websites on AWS. The websites will include multiple tiers such as web servers, application logic services, and databases. The company wants to use AWS Network Firewall. AWS WAR and VPC security groups for network security.

The company must ensure that the Network Firewall firewalls are deployed appropriately within relevant VPCs. The company needs the ability to centrally manage policies that are deployed to Network Firewall and AWS WAF rules. The company also needs to allow application teams to manage their own security groups while ensuring that the security groups do not allow overly permissive access.

What is the MOST operationally efficient solution that meets these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Lucia at Nov 19, 2024, 01:36 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leonida
6 months ago
D looks good, but managing everything in code feels a bit overwhelming.
upvoted 0 times
...
Dong
6 months ago
Wait, can GuardDuty really monitor for overly permissive rules?
upvoted 0 times
...
Kendra
7 months ago
C is interesting, but I'm not sure about using Firewall Manager for everything.
upvoted 0 times
...
Blythe
7 months ago
I think B is better for flexibility with the AWS CLI.
upvoted 0 times
...
Kristine
7 months ago
Option A seems solid for automation with CloudFormation.
upvoted 0 times
...
Ulysses
7 months ago
I practiced a similar question, and I think using GuardDuty to monitor for overly permissive rules is crucial. It’s a good way to ensure security.
upvoted 0 times
...
Edna
7 months ago
I feel like option C might be the best choice since it mentions AWS Firewall Manager, which centralizes management. But I need to double-check the details.
upvoted 0 times
...
Annelle
8 months ago
I'm not entirely sure, but I think using CloudFormation for deployment is a good practice. It helps with consistency, right?
upvoted 0 times
...
King
8 months ago
I remember studying about AWS Firewall Manager and how it can help manage security policies across multiple accounts. It seems relevant here.
upvoted 0 times
...
Ilene
8 months ago
I'm not too familiar with AWS Firewall Manager, so I'll need to do some research on that service to understand how it can be used to manage the Network Firewall and WAF policies. The other parts of the solution seem pretty straightforward, though.
upvoted 0 times
...
Angelica
8 months ago
Option D looks like the most comprehensive solution that meets all the requirements. Defining the resources in code and using CloudFormation for deployment, while leveraging Firewall Manager for centralized policy management, seems like the most operationally efficient approach.
upvoted 0 times
...
Denise
8 months ago
Hmm, I'm a bit confused about the different AWS services mentioned and how they all fit together. I'll need to review the details of each one to make sure I understand the differences and how they can be used together.
upvoted 0 times
...
Lindy
8 months ago
This question seems pretty straightforward. I think the key is to use a combination of CloudFormation and Firewall Manager to centrally manage the security policies and configurations.
upvoted 0 times
...
Charolette
2 years ago
Option D looks good, but I'm a little worried about the performance impact of using GuardDuty. Maybe we could use a custom Lambda function instead to keep things snappy.
upvoted 0 times
Stefania
1 year ago
D: Let's explore that option further and see if it's a better fit for our needs.
upvoted 0 times
...
Nicholle
1 year ago
C: That could be a good way to ensure performance isn't impacted.
upvoted 0 times
...
Marnie
1 year ago
B: Yeah, we could definitely look into using a custom Lambda function instead.
upvoted 0 times
...
Cheryl
1 year ago
A: Option D sounds solid, but I agree, GuardDuty might slow things down.
upvoted 0 times
...
...
Lashaun
2 years ago
Hmm, this is a tough one. I'm leaning towards option C because it seems to offer the most centralized management of the security components. But I'm open to hearing what the other candidates think.
upvoted 0 times
...
Brock
2 years ago
I don't know, man. This whole cloud security thing is starting to make my head spin. I just want to write some code and not worry about all this networking mumbo jumbo.
upvoted 0 times
Lizbeth
1 year ago
D: Agreed, and using GuardDuty to monitor for any overly permissive rules is crucial for security.
upvoted 0 times
...
Victor
1 year ago
C: Option A seems like a good choice, using CloudFormation to deploy and manage the security objects.
upvoted 0 times
...
Kendra
1 year ago
B: Yeah, we need to figure out the best solution to meet the company's requirements.
upvoted 0 times
...
Shawna
1 year ago
A: I hear you, cloud security can be overwhelming. But it's important to make sure our websites are secure.
upvoted 0 times
...
...
Nan
2 years ago
I'm not sure, but I think option C could also be a good choice. It involves using AWS Firewall Manager for managing the security groups.
upvoted 0 times
...
Elenor
2 years ago
I agree with Douglass. Option D seems to cover all the requirements effectively.
upvoted 0 times
...
Douglass
2 years ago
I think the most operationally efficient solution is option D.
upvoted 0 times
...
Fannie
2 years ago
Option D looks good, but I'm not sure about using Amazon GuardDuty to monitor for overly permissive rules. Wouldn't it be better to use a more robust solution like AWS Config or AWS Security Hub?
upvoted 0 times
...
Kattie
2 years ago
This seems like a pretty straightforward question. I think option D is the best solution as it allows for centralized management of the security policies while still giving the application teams the ability to manage their own security groups.
upvoted 0 times
Jacquline
1 year ago
It's important to strike a balance between centralized control and allowing application teams some autonomy.
upvoted 0 times
...
Natalya
2 years ago
Centralized management of security policies is crucial for maintaining a secure environment.
upvoted 0 times
...
Scarlet
2 years ago
I think using AWS CloudFormation for deployment and AWS Firewall Manager for management is a good approach.
upvoted 0 times
...
Leslee
2 years ago
I agree, option D seems like the most efficient solution for this scenario.
upvoted 0 times
...
...

Save Cancel