ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 157 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 157
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company that develops web applications has launched hundreds of Application Load Balancers (ALBs) in multiple Regions. The company wants to create an allow list for the IPs of all the load balancers on its firewall device. A solutions architect is looking for a one-time, highly available solution to address this request, which will also help reduce the number of IPs that need to be allowed by the firewall.
What should the solutions architect recommend to meet these requirements?

  • A. Create a AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list.
  • B. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB.
  • C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.
  • D. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Paitan at Aug. 11, 2020, 12:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Paitan
Highly Voted 3 years, 8 months ago
This is another tricky question as most will start thinking about how to get a list of IP addresses of the hundreds of ALBs. A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints. We can use the single IP in the Firewall allow list. So the correct option is C.
upvoted 90 times
pkg82
3 years, 7 months ago
Correct. Here is the clue - How does AWS Global Accelerator work together with Elastic Load Balancing (ELB)? https://aws.amazon.com/global-accelerator/faqs/
upvoted 17 times
...
...
anpt
Highly Voted 3 years, 7 months ago
CCCCCCCCCCCCCCCCCCCCCCCCCCC
upvoted 6 times
...
Six_Fingered_Jose
Most Recent 2 years, 7 months ago
Selected Answer: C
Answer is C because cross-region load balancing is not supported without VPC peering, and B does not say anything about VPC peering
upvoted 2 times
...
queen101
2 years, 8 months ago
CCCCCCCCC
upvoted 1 times
...
pkhdog22
2 years, 9 months ago
Selected Answer: C
assist lower the number of IPs that the firewall must accept or AnyCast IP -> Usually associated with Global Accelator
upvoted 1 times
...
examJack
3 years, 1 month ago
Selected Answer: C
AWS Global Accelerator is a network layer service in which you create accelerators to improve availability and performance for internet applications used by a global audience. https://docs.aws.amazon.com/global-accelerator/latest/dg/what-is-global-accelerator.html
upvoted 1 times
...
rav009
3 years, 5 months ago
Ans: C B is wrong, because IP of ALB is always changing.
upvoted 1 times
...
Azure1971
3 years, 6 months ago
Answer is C: "Simplified global traffic management" "As your application grows, the number of endpoints and IP addresses that you need to manage increases and becomes burdensome". "As you update your application, to add or remove endpoints, you risk lowering availability of your application due to firewalls, hardcoded devices and allow-lists not having the latest information". "AWS Global Accelerator simplifies global traffic management by providing 2 static anycast IP addresses that only need to be configured by users once. Behind these IP address you can add or remove AWS origins, opening up uses such as endpoint failover, scaling, or testing without any user-side changes." https://aws.amazon.com/global-accelerator/
upvoted 3 times
...
woke
3 years, 6 months ago
C. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints.
upvoted 3 times
...
elrmel
3 years, 6 months ago
Because they take IP list, it is only can in Global Acclerator.
upvoted 1 times
...
Ni_yot
3 years, 6 months ago
Yep C. Stick a global accelerator in front with all the albs behind it
upvoted 4 times
...
syu31svc
3 years, 6 months ago
Answer is C https://docs.aws.amazon.com/global-accelerator/latest/dg/what-is-global-accelerator.html: "By default, Global Accelerator provides you with two static IP addresses that you associate with your accelerator. With a standard accelerator, instead of using the IP addresses that Global Accelerator provides, you can configure these entry points to be IPv4 addresses from your own IP address ranges that you bring to Global Accelerator"
upvoted 3 times
...
KK_uniq
3 years, 6 months ago
If it was NLB we could have said elastric IP but since it is ALB so it has to be Global accelerator C for sure
upvoted 6 times
...
Yogi
3 years, 7 months ago
Ans = C
upvoted 3 times
...
CCNPWILL
3 years, 7 months ago
multi regional. IPs. allow list.. = accelerator. answer is C
upvoted 3 times
...
myutran
3 years, 7 months ago
Answer: C
upvoted 2 times
...
aguy9
3 years, 7 months ago
Answer is C
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel