ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 21 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 21
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company’s network engineer needs to design a new solution to help troubleshoot and detect network anomalies. The network engineer has configured Traffic Mirroring. However, the mirrored traffic is overwhelming the Amazon EC2 instance that is the traffic mirror target. The EC2 instance hosts tools that the company’s security team uses to analyze the traffic. The network engineer needs to design a highly available solution that can scale to meet the demand of the mirrored traffic.
Which solution will meet these requirements?

  • A. Deploy a Network Load Balancer (NLB) as the traffic mirror target. Behind the NLB. deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring as necessary.
  • B. Deploy an Application Load Balancer (ALB) as the traffic mirror target. Behind the ALB, deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring only during non-business hours.
  • C. Deploy a Gateway Load Balancer (GLB) as the traffic mirror target. Behind the GLB. deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring as necessary.
  • D. Deploy an Application Load Balancer (ALB) with an HTTPS listener as the traffic mirror target. Behind the ALB. deploy a fleet of EC2 instances in an Auto Scaling group. Use Traffic Mirroring only during active events or business hours.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by zaazanuna at March 18, 2023, 9:43 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cheam
Highly Voted 1 year, 5 months ago
Selected Answer: A
Another tricky question and consider the wording in the answers choices - "as the traffic mirror target". I have selected A because the NLB is a valid mirror target, but the GWLB is not (Answer C). Yes, comments supporting Answer C say that GWLB must also mean/include GLWB-E. Then you have two valid answers to the question where you can only select one. Therefore, it is A for me. Ref: https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html All the best.
upvoted 18 times
...
dremm
Highly Voted 1 year, 9 months ago
Selected Answer: C
C) Makes more sense for the updated exam, GWLB is relatively new. Read the release post for GWLB - https://aws.amazon.com/about-aws/whats-new/2022/05/amazon-vps-traffic-mirroring-supports-sending-mirrored-traffic-gateway-load-balancer-backed-monitoring-appliances/ "This helps simplify the monitoring of network traffic across AWS accounts and VPCs in a highly scalable and operationally efficient manner by removing routing complexity and operational overhead."
upvoted 15 times
...
AzureDP900
Most Recent 1 week, 5 days ago
Selected Answer: A
A is right To create a highly available solution that can scale to handle mirrored traffic while minimizing the impact on the EC2 instance hosting tools for analyzing traffic, we should use a load balancer to distribute the mirrored traffic across multiple instances.
upvoted 1 times
...
Spaurito
2 months ago
C - A listener for Gateway Load Balancers listens for all IP packets across all ports, and then forwards traffic to the target group.
upvoted 1 times
...
btech24
4 months ago
Answer is A, Gateway Load Balancer is not a valid traffic mirror target. There are 3 valid traffic mirror endpoints 1. Network Interface 2. Network Load Balancer 3. Gateway Load Balancer endpoints ref https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html
upvoted 3 times
...
AlirezaNetWorld
4 months, 2 weeks ago
The right answer is C without any doubts...
upvoted 1 times
...
kourosh
8 months, 2 weeks ago
Selected Answer: A
A is the correct answer: https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html
upvoted 1 times
...
Jonalb
9 months ago
Selected Answer: A
A is correct!
upvoted 1 times
...
Raphaello
9 months, 1 week ago
Selected Answer: A
I'd go with A. Valid traffic mirror targets include "GWLB ENDPOINTS"..for this, I'd go with A. Traffic mirror target concepts A traffic mirror target is the destination for mirrored traffic. You can use the following resources as traffic mirror targets: Network interfaces of type interface Network Load Balancers Gateway Load Balancer endpoints <<<< https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html
upvoted 1 times
...
patanjali
10 months, 1 week ago
Selected Answer: A
GWLB cant be the answer as you will need Firewall behind GWLB which understand GENEVE. Simple and BEst solution is to use NLB with TCP/UDP listner
upvoted 1 times
...
ogrefighter
10 months, 1 week ago
Selected Answer: A
GLB operates at Layer 3. NLB operates at Layer 4 -- so an NLB cannot be directly the target of GLB. Simplest answer is A https://aws.amazon.com/compare/the-difference-between-the-difference-between-application-network-and-gateway-load-balancing/#:~:text=An%20NLB%20operates%20on%20layer,on%20ports%20and%20IP%20addresses.
upvoted 1 times
...
Marfee400704
11 months ago
I think that its correct answer is A according to SPOTO products.
upvoted 1 times
...
marfee
11 months, 1 week ago
I think that it's correcty answer is A.
upvoted 1 times
...
AmSpOkE
11 months, 1 week ago
Selected Answer: A
Answer is A as GWLB (which could be a good answer) is not a valid target for a mirroring.
upvoted 2 times
...
Snape
12 months ago
Selected Answer: A
Option B and D involvea ALB, which is suited for web applications and layer 7 traffic. In this scenario, primary goal is to handle mirrored traffic, therefore NLB is a better fit. Option C GLB is designed for different usecases and doesnt make sense here
upvoted 1 times
...
Suresh108
1 year ago
Voting CCCCCCCC https://aws.amazon.com/blogs/networking-and-content-delivery/introduction-to-traffic-mirroring-to-gwlb-endpoints-as-target/
upvoted 1 times
ChinkSantana
11 months, 2 weeks ago
Correct: Amazon VPC Traffic Mirroring now supports sending mirrored traffic to Gateway Load Balancer backed monitoring appliances
upvoted 1 times
...
...
Arad
1 year, 2 months ago
Selected Answer: A
B and D are not correct and ALB cannot be used as target of mirroring. C is not correct because GWLB is to be used in front of 3rd party appliances like Palo Alto Firewalls, not EC2 instances. A is the only option which makes sense and is correct.
upvoted 2 times
alejo232425
1 year, 2 months ago
The EC2 instance hosts tools that the company’s security team uses to analyze the traffic. - that sounds like third party tools otherwise they would mention what apps.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago