Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 216 discussion

A company is using third-party firewall appliances to monitor and inspect traffic on premises. The company wants to use the same model on AWS. The company has a single VPC with an internet gateway. The VPC has a fleet of web servers that run on Amazon EC2 instances that are managed by an Auto Scaling group.

The company’s network team needs to work with the security team to establish inline inspection of all packets that are sent to and from the web servers. The solution must scale as the fleet of virtual firewall appliances scales.

Which combination of steps should the network team take to implement this solution? (Choose three.)

  • A. Create a new VPC, and deploy a fleet of firewall appliances. Create a Gateway Load Balancer. Add the firewall appliances as targets.
  • B. Create a security group for use with the firewall appliances, and allow port 443. Allow a port for the Gateway Load Balancer to perform health checks.
  • C. Create a security group for use with the firewall appliances, and allow port 6081. Allow a port for the Gateway Load Balancer to perform health checks.
  • D. Deploy a fleet of firewall appliances to the existing VPC. Create a Gateway Load Balancer. Add the firewall appliances as targets.
  • E. Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
  • F. Create a new route table inside the web server VPC. Create a new edge association with the internet gateway. Update the internet gateway route table and the web server route table to send traffic to and from the internet to the VPC endpoint ID of the Gateway Load Balancer. Update the subnet route table that is associated with the Gateway Load Balancer endpoint to direct internet traffic to the internet gateway.
Suggested Answer: ACE
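The three route tables that options E and F describe can be checked for an inspection bypass by tracing a packet in each direction. The model below is an added example, not part of the original question; the CIDRs, addresses and table names are constructed placeholders.

```python
import ipaddress

# Constructed topology: CIDRs, addresses and table names are placeholders.
VPC, WEB = "10.0.0.0/16", "10.0.1.0/24"
WEB_HOST, CLIENT = "10.0.1.10", "203.0.113.7"

GOOD = {
    "igw-edge": {VPC: "local", WEB: "gwlbe"},        # table associated with the IGW
    "web":      {VPC: "local", "0.0.0.0/0": "gwlbe"},
    "gwlbe":    {VPC: "local", "0.0.0.0/0": "igw"},  # GWLB endpoint subnet
}
# Same VPC without the internet gateway route to the endpoint:
# outbound traffic is still inspected, inbound traffic is not.
NO_EDGE_ROUTE = {**GOOD, "igw-edge": {VPC: "local"}}

def next_hop(table, dst):
    """Longest-prefix match over one route table."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return "blackhole"
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def trace(tables, start, dst):
    """Follow a packet from route table `start` until it leaves the model."""
    hops, table = [], start
    for _ in range(4):              # bound the walk in case of a routing loop
        hop = next_hop(tables[table], dst)
        hops.append(hop)
        if hop != "gwlbe":
            break
        table = "gwlbe"             # after inspection the endpoint subnet's table applies
    return hops

def inspected(tables):
    """Report, per direction, whether the packet crossed the GWLB endpoint."""
    inbound = trace(tables, "igw-edge", WEB_HOST)
    outbound = trace(tables, "web", CLIENT)
    return {"inbound": inbound, "outbound": outbound,
            "inline": "gwlbe" in inbound and "gwlbe" in outbound}

if __name__ == "__main__":
    for name, tables in (("GOOD", GOOD), ("NO_EDGE_ROUTE", NO_EDGE_ROUTE)):
        print(name, inspected(tables))
```
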

Comments

woorkim
Highly Voted 4 months, 1 week ago
ACE is the answer!
B. Port 443 is for HTTPS traffic, but this does not apply to the Gateway Load Balancer.
D. Deploying the firewalls in the same VPC as the web servers complicates routing and scaling.
F. Creating a new edge association with the internet gateway is unnecessary. Updating the existing route tables (as described in Option E) is sufficient to route traffic through the Gateway Load Balancer.
upvoted 5 times
...
Wardove
Most Recent 3 days, 13 hours ago
Selected Answer: ACF
There is no way to define a route for the IGW out of the box; you need a new RT and edge association.
upvoted 1 times
...
18641c6
1 month, 4 weeks ago
Selected Answer: ACF
I don't see why ACE is correct; I prefer ACF. When you create a new VPC there is no route table with edge association. So, a new route table must be created and then it gets associated with the edge. Or am I missing a certain point here?
upvoted 2 times
...
Canvill
2 months ago
Selected Answer: CDF
CDF. Only a single VPC is mentioned
upvoted 1 times
...
VerRi
7 months ago
Selected Answer: ACE
ACE is good for this case
upvoted 3 times
...
AlirezaNetWorld
7 months, 1 week ago
ACE is the best answer.
upvoted 2 times
...
qomtodie
8 months ago
Selected Answer: ACE
https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html
upvoted 3 times
...
cas_tori
8 months ago
Selected Answer: DEF
This is DEF
upvoted 1 times
...
aragon_saa
8 months ago
Selected Answer: ADE
Answer is A,D,E
upvoted 1 times
...