Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 7 Question 27 Discussion

A company is using third-party firewall appliances to monitor and inspect traffic on premises The company wants to use this same model on AWS. The company has a single VPC with an internet gateway. The VPC has a fleet of web servers that run on Amazon EC2 instances that are managed by an Auto Scaling group.The company's network team needs to work with the security team to establish inline inspection of all packets that are sent to and from the web servers. The solution must scale as the fleet of virtual firewall appliances scales.Which combination of steps should the network team take to implement this solution? (Select THREE.)
B) Create a security group for use with the firewall appliances, and allow port 443. Allow a port for the Gateway Load Balancer to perform health checks.
A) Create a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.
C) Create a security group for use with the firewall appliances, and allow port 6081. Allow a port for the Gateway Load Balancer to perform health checks.
D) Deploy a fleet of firewall appliances to the existing VPC. Create a Gateway Load Balancer. Add the firewall appliances as targets.
E) Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
F) Create a new route table inside the web server VPC. Create a new edge association with the internet gateway. Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.

Amazon ANS-C01 Exam - Topic 7 Question 27 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 27
Topic #: 7
[All ANS-C01 Questions]

A company is using third-party firewall appliances to monitor and inspect traffic on premises The company wants to use this same model on AWS. The company has a single VPC with an internet gateway. The VPC has a fleet of web servers that run on Amazon EC2 instances that are managed by an Auto Scaling group.

The company's network team needs to work with the security team to establish inline inspection of all packets that are sent to and from the web servers. The solution must scale as the fleet of virtual firewall appliances scales.

Which combination of steps should the network team take to implement this solution? (Select THREE.)

Show Suggested Answer Hide Answer
Suggested Answer: B

Creating a new Route 53 Resolver outbound endpoint in the shared services VPC would enable forwarding of DNS queries from the VPC to on-premises1.Creating forwarding rules for the on-premises hosted domains would enable specifying which domain names are forwarded to the on-premises DNS servers2.Associating the rules with the new Resolver endpoint and each application VPC would enable applying the rules to the VPCs2.This solution would not affect the default DNS resolution behavior of Route 53 Resolver for local VPC domain names and domains that are hosted in Route 53 private hosted zones3.


by Eleonore at May 19, 2024, 06:37 AM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lenita
6 months ago
Health checks are crucial, don’t forget those!
upvoted 0 times
...
Amalia
6 months ago
Wait, why are we using port 6081? That seems odd.
upvoted 0 times
...
Jaime
7 months ago
Agree, deploying in the existing VPC makes more sense!
upvoted 0 times
...
Leatha
7 months ago
I think option A is overkill, just use the existing VPC.
upvoted 0 times
...
Celestine
7 months ago
Definitely need a Gateway Load Balancer for this setup.
upvoted 0 times
...
Miriam
7 months ago
I’m a bit confused about whether we should deploy the firewall appliances in a new VPC or the existing one. I thought the existing setup was more efficient, but I can't remember the details.
upvoted 0 times
...
Sherell
7 months ago
I vaguely remember something about updating route tables to direct traffic properly. I wonder if option E is the right choice since it mentions the VPC endpoint ID.
upvoted 0 times
...
Loren
8 months ago
I think we practiced a similar question where we had to set up security groups for firewall appliances. I feel like allowing port 443 makes sense for HTTPS traffic, but I can't recall if that's the only port we need.
upvoted 0 times
...
Kassandra
8 months ago
I remember we discussed the importance of using a Gateway Load Balancer for scaling firewall appliances, but I'm not sure if we should create a new VPC or use the existing one.
upvoted 0 times
...
Graciela
8 months ago
This is a tricky one. I'm not super familiar with the Gateway Load Balancer, so I'll need to do some research on how that works and how to integrate it with the existing infrastructure. Definitely going to need to work closely with the security team on this one.
upvoted 0 times
...
Tresa
8 months ago
Okay, I think I've got a handle on this. We'll need to deploy the firewall appliances in the existing VPC, create a Gateway Load Balancer, and then update the routing tables to send all the traffic through the Load Balancer. The security group settings are also important to get right.
upvoted 0 times
...
Vicki
8 months ago
Hmm, not sure I fully grasp the routing aspect here. Do we need to create a new VPC and route all the traffic through that, or can we just deploy the firewall appliances in the existing VPC? The wording is a bit confusing.
upvoted 0 times
...
Darrel
8 months ago
This seems like a pretty straightforward question, just need to make sure I understand the requirements correctly. Looks like we need to set up a Gateway Load Balancer to handle the inline inspection of all traffic to and from the web servers.
upvoted 0 times
...
Dominga
8 months ago
The key is understanding what "NFV ENCS Virtualized branch" means. I'll focus on that to determine the best answer.
upvoted 0 times
...
Michael
8 months ago
This reminds me of a practice question I did recently. I think it involved GRS, but it also mentioned read access, which might make it different.
upvoted 0 times
...
Rolland
1 year ago
Ah, the joys of networking and security on AWS. I bet the network and security teams are already arguing over the best approach. Time to put on my diplomat hat!
upvoted 0 times
Marvel
11 months ago
D: Deploying the fleet of firewall appliances to the existing VPC seems like a good idea. Let's make sure to add them as targets for the Gateway Load Balancer.
upvoted 0 times
...
Reta
11 months ago
C: We should also update the route tables to direct traffic to the Gateway Load Balancer.
upvoted 0 times
...
Maybelle
11 months ago
B: Don't forget to create a security group for the firewall appliances and allow the necessary ports.
upvoted 0 times
...
Cherry
11 months ago
A: Let's create a new VPC and deploy the firewall appliances. We can use a Gateway Load Balancer.
upvoted 0 times
...
...
Olene
1 year ago
I'm feeling pretty confident about this one. The steps seem straightforward, but I'll need to double-check that I've selected the correct combination.
upvoted 0 times
...
Dorothy
1 year ago
Haha, I bet the security team is going to have a field day with this one. Gotta make sure we get all the firewall settings just right, or it's going to be a mess!
upvoted 0 times
Vallie
11 months ago
C: Let's make sure we update the route tables correctly to direct traffic to the Gateway Load Balancer. Can't afford any mistakes!
upvoted 0 times
...
Jospeh
11 months ago
B: Yeah, and we also need to create a security group for the firewall appliances and allow the necessary ports.
upvoted 0 times
...
Brunilda
12 months ago
C: And update the route tables to direct traffic to the Gateway Load Balancer. It's crucial for the setup.
upvoted 0 times
...
Alishia
12 months ago
B: Don't forget to create a security group for the firewall appliances and allow the necessary ports.
upvoted 0 times
...
Jaclyn
1 year ago
A: We need to create a new VPC and deploy the firewall appliances. Don't forget to add them as targets for the Gateway Load Balancer.
upvoted 0 times
...
Nu
1 year ago
A: We need to create a new VPC and deploy the firewall appliances. Add them as targets to the Gateway Load Balancer.
upvoted 0 times
...
...
Delsie
1 year ago
Okay, let's see. I think the key is to create a Gateway Load Balancer and add the firewall appliances as targets. But which security group settings and route table configurations do I need to get this right?
upvoted 0 times
Rosenda
1 year ago
E) Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
upvoted 0 times
...
Lisha
1 year ago
B) Create a security group for use with the firewall appliances, and allow port 443. Allow a port for the Gateway Load Balancer to perform health checks.
upvoted 0 times
...
Herman
1 year ago
A) Create a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.
upvoted 0 times
...
...
Jeniffer
1 year ago
Hmm, this seems like a tricky question. I'll need to carefully consider the steps to implement the inline inspection of traffic using the firewall appliances.
upvoted 0 times
Cassie
1 year ago
E) Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
upvoted 0 times
...
Rose
1 year ago
A) Create a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.
upvoted 0 times
...
...
Karan
1 year ago
We should also update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer.
upvoted 0 times
...
Pearlie
1 year ago
I agree. We also need to create a Gateway Load Balancer and add the firewall appliances as targets.
upvoted 0 times
...
Heike
1 year ago
I think we should create a new VPC and deploy a fleet of firewall appliances.
upvoted 0 times
...

Save Cancel