Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 209 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 209
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has VPCs across 50 AWS accounts and is using AWS Organizations. The company wants to implement web filtering. The requirements for how the traffic must be filtered are the same for all the VPCs. A network engineer plans to use AWS Network Firewall. The network engineer needs to implement a solution that minimizes the number of firewall policies and rule groups that are necessary for this web filtering.

Which combination of steps will meet these requirements? (Choose three.)

  • A. Create a firewall policy or rule group in each account.
  • B. Use SCPs to share the firewall policy or rule group.
  • C. Create a firewall policy or rule group in the management account
  • D. Use AWS Resource Access Manager (AWS RAM) to share the firewall policy or rule group.
  • E. Enable sharing within Organizations.
  • F. Create OUs to share the firewall policy or rule group.
Show Suggested Answer Hide Answer
Suggested Answer: CDE 🗳️
by Cacheirez at Aug. 13, 2024, 6:48 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Spaurito
1 week, 4 days ago
CDE - Firewall policy and rule group sharing integrates with AWS Resource Access Manager (AWS RAM). AWS RAM is a service that enables you to share your AWS resources with any AWS account or through AWS Organizations. With AWS RAM, you share resources that you own by creating a resource share. A resource share specifies the resources to share, and the consumers with whom to share them. Consumers can be individual AWS accounts, organizational units, or an entire organization in AWS Organizations. https://docs.aws.amazon.com/network-firewall/latest/developerguide/sharing.html
upvoted 1 times
...
cas_tori
2 months, 2 weeks ago
Selected Answer: CDE
this is CDE
upvoted 1 times
...
hcong
2 months, 3 weeks ago
Selected Answer: ADE
This combination provides a comprehensive solution to prevent SQL injection attacks: Create a WAF web ACL with appropriate rules Use ALB that can be integrated with WAF Associate WAF with ALB for practical application protection Options B and F are not necessary because the application is internal and does not need CloudFront distribution. Option D is not applicable because NLB cannot be directly integrated with WAF. By implementing these three steps, the company can significantly improve the defense ability of its applications against SQL injection attacks.
upvoted 1 times
hcong
2 months, 3 weeks ago
sorry it should be ACE
upvoted 1 times
...
...
aragon_saa
3 months ago
Selected Answer: CDE
Answer is CDE
upvoted 2 times
...
Cacheirez
3 months ago
Selected Answer: CDE
By creating the firewall policy or rule group in the management account (the central account in AWS Organizations), the engineer can manage these policies centrally, which reduces the need to create and manage separate policies in each of the 50 accounts. AWS RAM allows you to share AWS resources, such as firewall policies and rule groups, across multiple AWS accounts within your organization. This helps minimize the number of policies that need to be created and ensures consistent web filtering across all accounts. Enabling sharing within AWS Organizations allows the resources shared via AWS RAM (such as firewall policies and rule groups) to be accessed by all accounts within the organization. This facilitates the centralized management and application of the web filtering rules across all VPCs in the 50 accounts.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel