ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 128 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 128
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A consulting company manages AWS accounts for its customers. One of the company's customers needs to add intrusion prevention for its environment without having to re-architect the environment. The customer's environment includes five VPCs in two AWS Regions in the United States. VPC-to-VPC connectivity is achieved through VPC peering. The customer does not plan to increase the number of VPCs within the next 2 years. The solution must accommodate unencrypted traffic.

Which solution will meet these requirements?

  • A. Configure VPC security groups and network ACLs.
  • B. Use an AWS Network Firewall centralized deployment model in each VPC.
  • C. Use an AWS Network Firewall distributed deployment model in each VPC.
  • D. Deploy AWS Shield in each VPC.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Awadhesh at June 7, 2023, 12:32 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lygf
Highly Voted 2 years ago
Selected Answer: C
Nope, you can't do centralized deployment. "For centralized deployment model, AWS Transit Gateway is a prerequisite." https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
upvoted 10 times
JosMo
1 year, 11 months ago
Quote: "You can use the same model for inspection of traffic to other AWS Regions using AWS Transit Gateway Inter-Region Peering feature as shown in Figure 8. Remote AWS Regions are treated as spokes." https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
upvoted 1 times
...
...
Josh1217
Highly Voted 1 year, 11 months ago
Selected Answer: C
For centralized deployment model, AWS Transit Gateway is a prerequisite. Cannot add a new Shared VPC which is required for Centralized deployment.
upvoted 7 times
...
woorkim
Most Recent 6 months, 3 weeks ago
Selected Answer: C
For centralized deployment model, AWS Transit Gateway is a prerequisite.
upvoted 1 times
...
Spaurito
7 months, 3 weeks ago
C - The question states - "One of the company's customers needs to add intrusion prevention for its environment without having to re-architect the environment.". This indicates low architectural re-design regardless of time frame.
upvoted 1 times
...
JoellaLi
1 year, 2 months ago
Selected Answer: C
As the environment spans two AWS Regions with VPC peering, a centralized model would require establishing a separate inspection VPC in each Region. This increases complexity versus directly protecting each VPC.
upvoted 1 times
...
Arad
1 year, 7 months ago
Selected Answer: C
C is the right answer.
upvoted 1 times
...
[Removed]
1 year, 11 months ago
Selected Answer: B
We're not planning on changing for the next 2yrs so B is correct.
upvoted 2 times
...
tcp22
2 years ago
C The distributed deployment model supports unencrypted traffic and can be set up to protect traffic within each VPC.
upvoted 3 times
...
Balasmaniam
2 years ago
Deployment models There are multiple deployment models available with AWS Network Firewall. The right model depends on the use case and requirements. The following models are most common: Distributed AWS Network Firewall deployment model: AWS Network Firewall is deployed into each individual VPC. Centralized AWS Network Firewall deployment model: AWS Network Firewall is deployed into centralized VPC for East-West (VPC-to-VPC) and/or North-South (internet egress and ingress, on-premises) traffic. We refer to this VPC as inspection VPC throughout this blog post. Combined AWS Network Firewall deployment model: AWS Network Firewall is deployed into centralized inspection VPC for East-West (VPC-to-VPC) and subset of North-South (On Premises/Egress) traffic. Internet ingress is distributed to VPCs which require dedicated inbound access from the internet and AWS Network Firewall is deployed accordingly.
upvoted 1 times
...
Balasmaniam
2 years ago
Centralized AWS Network Firewall deployment model: AWS Network Firewall is deployed into centralized VPC for East-West (VPC-to-VPC) and/or North-South (internet egress and ingress, on-premises) traffic. We refer to this VPC as inspection VPC throughout this blog post. B is correct ans
upvoted 2 times
tcp22
2 years ago
it is mentioned company does not have plans to add VPC for next 2 years
upvoted 3 times
...
...
Balasmaniam
2 years ago
Selected Answer: B
https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
upvoted 3 times
Training
2 years ago
Centralized deployment model is complex and requires architectural changes. It should be C.
upvoted 2 times
...
...
Awadhesh
2 years ago
C is the answer, each VPC has network firewall in distributed deployment model only.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel