Exam AWS Certified Solutions Architect - Professional topic 1 question 957 discussion

A company uses AWS Organizations. The company runs two firewall appliances in a centralized networking account. Each firewall appliance runs on a manually configured highly available Amazon EC2 instance. A transit gateway connects the VPC from the centralized networking account to VPCs of member accounts. Each firewall appliance uses a static private IP address that is then used to route traffic from the member accounts to the internet.

During a recent incident, a badly configured script initiated the termination of both firewall appliances. During the rebuild of the firewall appliances, the company wrote a new script to configure the firewall appliances at startup.

The company wants to modernize the deployment of the firewall appliances. The firewall appliances need the ability to scale horizontally to handle increased traffic when the network expands. The company must continue to use the firewall appliances to comply with company policy. The provider of the firewall appliances has confirmed that the latest version of the firewall code will work with all AWS services.

Which combination of steps should the solutions architect recommend to meet these requirements MOST cost-effectively? (Choose three.)

  • A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.
  • B. Deploy a Network Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.
  • C. Create an Auto Scaling group and a launch template that uses the new script as user data to configure the firewall appliances. Create a target group that uses the instance target type.
  • D. Create an Auto Scaling group. Configure an AWS Launch Wizard deployment that uses the new script as user data to configure the firewall appliances. Create a target group that uses the IP target type.
  • E. Create VPC endpoints in each member account. Update the route tables to point to the VPC endpoints.
  • F. Create VPC endpoints in the centralized networking account. Update the route tables in each member account to point to the VPC endpoints.
Suggested Answer: ACE
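
The resources that options A, C and E name, sketched as two CloudFormation templates (an added example, not part of the original question or of any AWS or vendor material). The two templates are deployed separately, one per account, and are shown together only for reading; the AMI, instance size, group sizes and startup-script path are assumptions.

```yaml
# Constructed example. Template 1: centralized networking account (options A and C).
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  ApplianceSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}
  FirewallAmi: {Type: "AWS::EC2::Image::Id"}      # vendor firewall image (assumed)
Resources:
  Gwlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: {Type: gateway, Subnets: !Ref ApplianceSubnets}
  FirewallTargets:                                # GWLB reaches appliances over GENEVE/6081
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: {VpcId: !Ref VpcId, Protocol: GENEVE, Port: 6081, TargetType: instance}
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties: {LoadBalancerArn: !Ref Gwlb, DefaultActions: [{Type: forward, TargetGroupArn: !Ref FirewallTargets}]}
  FirewallTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref FirewallAmi
        InstanceType: c5.large                    # assumed size
        UserData: !Base64 |
          #!/bin/bash
          /opt/firewall/configure.sh  # hypothetical path of the new startup script
  FirewallAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: "2"                                # assumed bounds
      MaxSize: "6"
      VPCZoneIdentifier: !Ref ApplianceSubnets
      TargetGroupARNs: [!Ref FirewallTargets]     # new instances register themselves
      LaunchTemplate: {LaunchTemplateId: !Ref FirewallTemplate, Version: !GetAtt FirewallTemplate.LatestVersionNumber}
  EndpointService:                                # PrivateLink service in front of the GWLB
    Type: AWS::EC2::VPCEndpointService
    Properties: {AcceptanceRequired: true, GatewayLoadBalancerArns: [!Ref Gwlb]}
---
# Constructed example. Template 2: each member account (option E).
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  EndpointSubnet: {Type: "AWS::EC2::Subnet::Id"}
  WorkloadRouteTable: {Type: String}  # route table of workload subnets, not the endpoint subnet
  ServiceName: {Type: String}         # service name of EndpointService from template 1
Resources:
  FirewallEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties: {VpcEndpointType: GatewayLoadBalancer, ServiceName: !Ref ServiceName, VpcId: !Ref VpcId, SubnetIds: [!Ref EndpointSubnet]}
  DefaultRoute:
    Type: AWS::EC2::Route
    Properties: {RouteTableId: !Ref WorkloadRouteTable, DestinationCidrBlock: 0.0.0.0/0, VpcEndpointId: !Ref FirewallEndpoint}
```

Because `AcceptanceRequired` is true, the networking account must accept each member endpoint connection, and the member account principals must first be allowed on the service (`AWS::EC2::VPCEndpointServicePermissions`).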

Comments

coolt2
Highly Voted 2 years, 2 months ago
Selected Answer: ACE
Reason for E vs F is that in the central VPC you create an endpoint service and in the member VPC you create an endpoint. See some practical demo from this link, from around the 13 min to 15 min part: https://www.youtube.com/watch?v=oNzTbhmLFDw&t=2s
upvoted 7 times
...
3a632a3
Most Recent 1 year, 4 months ago
Selected Answer: ACE
https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/getting-started.html The overview exactly describes this setup. D is wrong as launch wizard is for deploying specific applications such as Active Directory or SAP. https://docs.aws.amazon.com/launchwizard/
upvoted 1 times
...
Jesuisleon
1 year, 11 months ago
Selected Answer: ACE
E is correct, F is wrong. https://tomgregory.com/cross-account-vpc-access-in-aws/ Method 2 in this link shows which side should create VPC endpoints and which side should create the VPC endpoint service.
upvoted 2 times
...
dev112233xx
2 years ago
Selected Answer: ACF
ACF is better
upvoted 1 times
...
hobokabobo
2 years, 1 month ago
Selected Answer: BCE
NLB allows to create an endpoint service. Applications in other accounts can connect to this service via PrivateLink endpoints. Auto Scaling can be attached to a Network Load Balancer and for that one uses a launch template.
A vs B: Gateway Load Balancer can serve as endpoint service but afaik you need gateway endpoints to connect to it.
C vs D: C is by the book how autoscaling works.
E vs F: the other applications are in different accounts, we need the endpoints in those accounts - an endpoint in the central account will not help much.
upvoted 3 times
...
masetromain
2 years, 5 months ago
Selected Answer: ACF
I go with ACF.
A: Gateway Load Balancer helps you easily deploy, scale, and manage your third-party virtual appliances. It gives you one gateway for distributing traffic across multiple virtual appliances while scaling them up or down, based on demand. This decreases potential points of failure in your network and increases availability. https://aws.amazon.com/fr/elasticloadbalancing/gateway-load-balancer/
C: Each firewall appliance runs on a manually configured highly available Amazon EC2 instance.
F: The company runs two firewall appliances in a centralized networking account.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other