Exam AWS Certified Solutions Architect - Professional topic 1 question 642 discussion

A company hosts a game player-matching service on a public facing, physical, on-premises instance that all users are able to access over the internet. All traffic to the instance uses UDP. The company wants to migrate the service to AWS and provide a high level of security. A solutions architect needs to design a solution for the player-matching service using AWS.
Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)

  • A. Use a Network Load Balancer (NLB) in front of the player-matching instance. Use a friendly DNS entry in Amazon Route 53 pointing to the NLB's Elastic IP address.
  • B. Use an Application Load Balancer (ALB) in front of the player-matching instance. Use a friendly DNS entry in Amazon Route 53 pointing to the ALB's internet-facing fully qualified domain name (FQDN).
  • C. Define an AWS WAF rule to explicitly drop non-UDP traffic, and associate the rule with the load balancer.
  • D. Configure a network ACL rule to block all non-UDP traffic. Associate the network ACL with the subnets that hold the load balancer instances.
  • E. Use Amazon CloudFront with an Elastic Load Balancer as an origin.
  • F. Enable AWS Shield Advanced on all public-facing resources.
Suggested Answer: BDF

Comments

smartassX
Highly Voted 3 years, 8 months ago
ADF "If your application is used only for TCP traffic, you can create a rule to deny all UDP traffic, or vice versa" https://docs.aws.amazon.com/whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-access-control-lists-nacls-bp5.html
upvoted 24 times
...
Bulti
Highly Voted 3 years, 8 months ago
ADF. Not B because this is traffic using a layer 4 protocol (UDP) and NLB is a better fit to handle this traffic than ALB. Not C because WAF protects ALB and is meant to protect web application traffic, mainly HTTP and HTTPS.
upvoted 5 times
...
kangtamo
Most Recent 2 years, 11 months ago
Selected Answer: ADF
Agree with ADF.
upvoted 2 times
...
Ni_yot
3 years, 4 months ago
ADF. NLB supports UDP
upvoted 1 times
...
AzureDP900
3 years, 6 months ago
A,D,F is the perfect answer. The Network Load Balancer (NLB) supports the UDP protocol and can be placed in front of the application instance. This configuration may add some security if the instance is running in a private subnet. An NLB can be configured with an Elastic IP in each subnet in which it has nodes. In this case it only has a single subnet (one instance) and so there will be 1 EIP. Route 53 can be configured to resolve directly to the EIP rather than the DNS name of the NLB as there is only one IP address to return. To filter traffic the network ACL for the subnet can be configured to block all non-UDP traffic. This solution meets all the stated requirements.
upvoted 1 times
...
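The network ACL filtering described in the comment above, as an added CloudFormation example that is not part of the original discussion. The parameter names and UDP port 7777 are assumptions; the single-subnet layout (NLB node and instance in the same subnet) follows the comment.

```yaml
# Added example, not from the discussion thread.
# Assumed: parameter names GameVpc / PublicSubnet and game port 7777.
Parameters:
  GameVpc:
    Type: AWS::EC2::VPC::Id
  PublicSubnet:
    Type: AWS::EC2::Subnet::Id
Resources:
  # A custom network ACL denies all traffic in both directions until
  # rules are added, so non-UDP traffic needs no explicit deny entry.
  UdpOnlyAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref GameVpc
  # Inbound: only UDP (IP protocol 17) to the game port.
  InboundGameUdp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref UdpOnlyAcl
      RuleNumber: 100
      Egress: false
      Protocol: 17
      RuleAction: allow
      CidrBlock: 0.0.0.0/0
      PortRange: { From: 7777, To: 7777 }
  # Network ACLs are stateless: replies to players must be allowed
  # explicitly, here as UDP to the clients' ephemeral ports.
  OutboundUdpReplies:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref UdpOnlyAcl
      RuleNumber: 100
      Egress: true
      Protocol: 17
      RuleAction: allow
      CidrBlock: 0.0.0.0/0
      PortRange: { From: 1024, To: 65535 }
  # NLB health checks for UDP target groups use TCP, HTTP or HTTPS.
  # Traffic inside one subnet is not filtered by the ACL; a target in
  # another subnet would need a narrowly scoped TCP allow within the VPC.
  AclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      NetworkAclId: !Ref UdpOnlyAcl
```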
andylogan
3 years, 7 months ago
It's A D F, NLB + NACL + AWS Shield Advanced
upvoted 2 times
...
student22
3 years, 7 months ago
ADF NLB + NACL + AWS Shield Advanced
upvoted 2 times
...
tgv
3 years, 7 months ago
AAA DDD FFF ---
upvoted 1 times
...
blackgamer
3 years, 7 months ago
A over B because the application needs UDP port. NLB is the answer here. D and F are Okay.
upvoted 1 times
...
denccc
3 years, 7 months ago
I would think BDF? Not sure if the order of answers changed? WAF for ALB.
upvoted 1 times
denccc
3 years, 7 months ago
Oh yes, UDP... my bad
upvoted 2 times
...
...
WhyIronMan
3 years, 7 months ago
I'll go with A,D,F
upvoted 3 times
...
mustpassla
3 years, 7 months ago
ADF for sure. keyword: UDP and security.
upvoted 1 times
...
Waiweng
3 years, 7 months ago
it's A,D,F
upvoted 4 times
...
Kian1
3 years, 7 months ago
going with ADF
upvoted 3 times
...
Justu
3 years, 7 months ago
I would go ACF, WAF is better solution to defend your load balancer than NACL.
upvoted 2 times
rasti
3 years, 7 months ago
C is wrong. WAF is only for ALB, not for NLB. ADF is correct
upvoted 11 times
...
...
nqobza
3 years, 8 months ago
The correct answer is AEF. I think people are getting caught up with trying to block UDP traffic. There is no need for that as on the Network load balancer we would only add a UDP listener so anything outside of UDP would be rejected anyway.
upvoted 1 times
...
Ebi
3 years, 8 months ago
I will go with ADE, I don't see any reason to enable expensive Advanced Shield when there is no specific requirement in the question
upvoted 3 times
Ebi
3 years, 7 months ago
Changed my answer to ADF: https://aws.amazon.com/blogs/networking-and-content-delivery/accelerate-protect-games-with-amazon-cloudfront-aws-shield-aws-waf/
upvoted 5 times
certainly
3 years, 7 months ago
why not E. CloudFront is also recommended in referenced aws blog. also, https://docs.aws.amazon.com/whitepapers/latest/aws-best-practices-ddos-resiliency/protecting-your-origin-bp1-bp5.html
upvoted 2 times
heyheyhei
3 years, 7 months ago
CloudFront does not support UDP. Instead, Global Accelerator can be used for UDP gaming
upvoted 9 times
...
...
...
...