Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 256 discussion

A company uses AWS Network Firewall to protect outgoing traffic for multiple VPCs that are in the same AWS account. Each VPC contains Amazon EC2 instances that host the company's applications. Each EC2 instance is tagged with the name of the application it hosts. The EC2 instances are in Auto Scaling groups.

A Network Firewall stateful rule group must remain up-to-date, even when an Auto Scaling group launches and terminates EC2 instances.

Which solution will meet this requirement with the LEAST implementation and administrative effort?

  • A. Create a network ACL for each application. Reference the network ACL in the stateful rule group.
  • B. Create a prefix list for each application. Reference the prefix list in the stateful rule group.
  • C. Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.
  • D. Create a resource group for each application name. Reference the Amazon Resource Name (ARN) for the resource groups in the stateful rule group.
Suggested Answer: D

Comments

Nouwara
1 week, 2 days ago
Selected Answer: B
D cannot be the answer as AWS Network Firewall does not support resource groups or ARNs as rule group match criteria.
upvoted 1 times
...
ashk123456
1 month, 1 week ago
Selected Answer: B
Prefix lists in AWS are dynamic collections of IP address ranges (CIDR blocks) that can be referenced within Network Firewall rules. When you maintain and update a prefix list to include the subnets where your Auto Scaling groups operate, the Network Firewall rules automatically apply to any new instances launched in those subnets. ❌ D. Resource groups cannot be referenced in firewall rule groups. ----AWS Network Firewall does not support referencing resource groups in rule groups.
upvoted 1 times
...
woorkim
3 months, 3 weeks ago
Selected Answer: D
because:
  • Resource groups automatically update membership based on tags
  • No ongoing maintenance required once set up
  • Handles Auto Scaling events automatically
  • Minimal implementation effort (just create groups and reference ARNs)
  • No custom code or manual updates needed
  • Works with Network Firewall's native capabilities
upvoted 2 times
...
c1193d4
4 months ago
Selected Answer: D
D: because a tag-based resource group can be created: see https://docs.aws.amazon.com/network-firewall/latest/developerguide/resource-groups.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted