Amazon Exam ANS-C01 Topic 7 Question 27 Discussion

Actual exam question for Amazon's ANS-C01 exam

Question #: 27
Topic #: 7

A company is using third-party firewall appliances to monitor and inspect traffic on premises The company wants to use this same model on AWS. The company has a single VPC with an internet gateway. The VPC has a fleet of web servers that run on Amazon EC2 instances that are managed by an Auto Scaling group.

The company's network team needs to work with the security team to establish inline inspection of all packets that are sent to and from the web servers. The solution must scale as the fleet of virtual firewall appliances scales.

Which combination of steps should the network team take to implement this solution? (Select THREE.)

ACreate a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.

BCreate a security group for use with the firewall appliances, and allow port 443. Allow a port for the Gateway Load Balancer to perform health checks.

CCreate a security group for use with the firewall appliances, and allow port 6081. Allow a port for the Gateway Load Balancer to perform health checks.

DDeploy a fleet of firewall appliances to the existing VPC. Create a Gateway Load Balancer. Add the firewall appliances as targets.

EUpdate the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.

FCreate a new route table inside the web server VPC. Create a new edge association with the internet gateway. Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.

Show Suggested Answer

Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.

by Eleonore at May 19, 2024, 06:37 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rolland

18 days ago

Ah, the joys of networking and security on AWS. I bet the network and security teams are already arguing over the best approach. Time to put on my diplomat hat!

upvoted 0 times

...

Olene

19 days ago

I'm feeling pretty confident about this one. The steps seem straightforward, but I'll need to double-check that I've selected the correct combination.

upvoted 0 times

...

Dorothy

25 days ago

Haha, I bet the security team is going to have a field day with this one. Gotta make sure we get all the firewall settings just right, or it's going to be a mess!

upvoted 0 times

Nu

10 days ago

A: We need to create a new VPC and deploy the firewall appliances. Add them as targets to the Gateway Load Balancer.

upvoted 0 times

...

2 months ago

I think we should create a new VPC and deploy a fleet of firewall appliances.

upvoted 0 times

...