Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 161 discussion

A telecommunications company is running an application on AWS. The company has set up an AWS Direct Connect connection between the company's on-premises data center and AWS. The company deployed the application on Amazon EC2 instances in multiple Availability Zones behind an internal Application Load Balancer (ALB). The company's clients connect from the on-premises network by using HTTPS. The TLS terminates in the ALB. The company has multiple target groups and uses path-based routing to forward requests based on the URL path.

The company is planning to deploy an on-premises firewall appliance with an allow list that is based on IP address. A solutions architect must develop a solution to allow traffic flow to AWS from the on-premises network so that the clients can continue to access the application.

Which solution will meet these requirements?

  • A. Configure the existing ALB to use static IP addresses. Assign IP addresses in multiple Availability Zones to the ALB. Add the ALB IP addresses to the firewall appliance.
  • B. Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in multiple Availability Zones. Create an ALB-type target group for the NLB and add the existing ALB. Add the NLB IP addresses to the firewall appliance. Update the clients to connect to the NLB.
  • C. Create a Network Load Balancer (NLB). Associate the NLB with one static IP address in multiple Availability Zones. Add the existing target groups to the NLB. Update the clients to connect to the NLB. Delete the ALB. Add the NLB IP addresses to the firewall appliance.
  • D. Create a Gateway Load Balancer (GWLB). Assign static IP addresses to the GWLB in multiple Availability Zones. Create an ALB-type target group for the GWLB and add the existing ALB. Add the GWLB IP addresses to the firewall appliance. Update the clients to connect to the GWLB.
Suggested Answer: B

Comments

Untamables
Highly Voted 1 year, 8 months ago
Selected Answer: B
The background is the below.
- The company is using ALB features and must keep them.
- The new on-premise firewall needs a static IP address of the ALB as the next hop.
- However, ALB cannot have a static IP address.
So the point is how ALB can have a static IP address endpoint.
Solution: https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/
upvoted 22 times
...
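The layout this answer points to (option B), sketched as a CloudFormation template. This is an added example, not part of the original thread or of AWS's own material; the parameter names, the `10.0.x.10` addresses and the health check path are assumptions chosen for illustration.

```yaml
# Added example: internal NLB with fixed private IPs in front of the existing ALB.
# Parameter names and addresses are assumptions; addresses must fall inside
# the CIDR of the subnet they are mapped to.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetAz1: {Type: "AWS::EC2::Subnet::Id"}
  SubnetAz2: {Type: "AWS::EC2::Subnet::Id"}
  ExistingAlbArn: {Type: String}      # the internal ALB that keeps the path-based rules
Resources:
  StaticNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal
      SubnetMappings:                 # one fixed private address per Availability Zone
        - SubnetId: !Ref SubnetAz1
          PrivateIPv4Address: 10.0.1.10
        - SubnetId: !Ref SubnetAz2
          PrivateIPv4Address: 10.0.2.10
  AlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: alb                 # the ALB itself is the registered target
      Protocol: TCP                   # pass-through, so TLS still terminates on the ALB
      Port: 443
      VpcId: !Ref VpcId
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /              # assumed path; must return a 2xx/3xx from the ALB
      Targets:
        - Id: !Ref ExistingAlbArn
          Port: 443                   # must match the ALB's HTTPS listener port
  NlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref StaticNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AlbTargetGroup
Outputs:
  NlbDnsName:
    Value: !GetAtt StaticNlb.DNSName  # clients connect here instead of the ALB name
```

The on-premises allow list then needs only the two fixed addresses on TCP 443. Because the ALB still presents the certificate, the hostname clients use for the NLB has to be one that certificate covers.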
jojom19980
Highly Voted 1 year, 8 months ago
Selected Answer: B
it uses path-based routing to forward requests based on the URL path
upvoted 6 times
...
saggy4
Most Recent 8 months, 3 weeks ago
Selected Answer: B
A - Cannot assign static IP to ALB
C - Cannot attach target group directly as path-based forwarding is not possible with NLB
D - Gateway load balancer supports only Instance and IP as target
B - This is correct since using NLB we can have a static IP assigned and also attach ALB as target to NLB
upvoted 5 times
...
Spnohal
9 months, 1 week ago
https://aws.amazon.com/solutions/implementations/git-to-s3-using-webhooks/
upvoted 1 times
...
career360guru
10 months, 1 week ago
Selected Answer: B
Option B is the only feasible option as ALB is using path based routing.
upvoted 1 times
...
CProgrammer
10 months, 1 week ago
bjexamprep "Anyone help why A not correct?" Where is the On Prem element, the Direct Connect, the ALB covering Multi AZ? "The objective of this question is achieved" You don't even have the basic structure implemented to attempt to address the question's requirements in your scenario.
Regarding answer A: https://repost.aws/knowledge-center/alb-static-ip You can't assign a static IP address to an Application Load Balancer.
upvoted 1 times
...
bjexamprep
10 months, 3 weeks ago
Selected Answer: A
Can anyone help explain why A is not correct? I created a private network facing ALB and it has a private IP address automatically created. Which means by adding the private IP address to the firewall, the objective of this question is achieved.
upvoted 2 times
saggy4
8 months, 3 weeks ago
A is not correct because, though the IP attached to the ALB is the private IP, the control of which IP is assigned is with AWS. Any change in the ALB can result in a change of IP, or even over a period of time AWS can change the IP (though it will be something in the CIDR).
upvoted 1 times
...
...
career360guru
11 months, 1 week ago
Selected Answer: B
Option B as ALB can not have static IP address so Option A is not possible.
upvoted 2 times
...
task_7
1 year, 1 month ago
D is also not the right answer.
Target type: When you create a target group, you specify its target type, which determines how you specify its targets. After you create a target group, you cannot change its target type. The following are the possible target types:
- instance: The targets are specified by instance ID.
- ip: The targets are specified by IP address.
When the target type is ip, you can specify IP addresses from one of the following CIDR blocks:
- The subnets of the VPC for the target group
- 10.0.0.0/8 (RFC 1918)
- 100.64.0.0/10 (RFC 6598)
- 172.16.0.0/12 (RFC 1918)
- 192.168.0.0/16 (RFC 1918)
upvoted 1 times
...
task_7
1 year, 1 month ago
Elastic IP support: Network Load Balancer also allows you the option to assign an Elastic IP per Availability Zone (subnet), thereby providing your own fixed IP. Both B and C state single IP for multiple zones.
upvoted 1 times
...
Gabehcoud
1 year, 2 months ago
Option B says "ALAdd" what is AL add? I see this very often. Can someone help to explain? Create an ALB-type target group for the NLB and add the existing ALAdd the NLB IP addresses to the firewall appliance. Update the clients to connect to the NLB.
upvoted 1 times
...
khksoma
1 year, 3 months ago
A Gateway Load Balancer endpoint is a VPC endpoint that provides private connectivity between virtual appliances in the service provider VPC, and application servers in the service consumer VPC. The Gateway Load Balancer is deployed in the same VPC as that of the virtual appliances. These appliances are registered as a target group of the Gateway Load Balancer. Since the firewall is deployed on-prem I don't think D is a viable option.
upvoted 1 times
...
NikkyDicky
1 year, 3 months ago
Selected Answer: B
B need to keep ALB behind NLB for path routing
upvoted 1 times
...
Maria2023
1 year, 4 months ago
Selected Answer: B
Since ALB does not support static IP addresses by design then we need to use NLB before the ALB or instead. However, since we are heavily utilizing the application layer of the OSI then we cannot use NLB directly. Hence B remains the only choice
upvoted 1 times
...
SkyZeroZx
1 year, 4 months ago
Selected Answer: B
ALB's cannot use static IP's. NLB's have static IP's, additionally need based on the URL path use ALB then B is more appropriate
upvoted 1 times
...
rbm2023
1 year, 5 months ago
Selected Answer: B
I agree with B, since clients need access to the ALB using a private connection between on premises and AWS. The firewall which is inside the company data center operates at network level but we cannot lose ALB due to many path based routing. So we need something like this:
https://www.scalefactory.com/blog/2021/12/13/aws-network-load-balancers-new-features/
https://www.scalefactory.com/blog/2021/12/13/aws-network-load-balancers-new-features/img/now-firewall-egress.png
and this:
https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/
upvoted 3 times
...
God_Is_Love
1 year, 7 months ago
Selected Answer: D
https://aws.amazon.com/elasticloadbalancing/gateway-load-balancer/ Gateway Load Balancer helps you easily deploy, scale, and manage your third-party virtual appliances. It gives you one gateway for distributing traffic across multiple virtual appliances while scaling them up or down, based on demand. This decreases potential points of failure in your network and increases availability.
upvoted 1 times
God_Is_Love
1 year, 7 months ago
https://youtu.be/-j2smz_VCH4?t=1270
ALB (L7) - HTTP, HTTPS
NLB (L4) - TCP, UDP, TLS traffic
GWLB (L3) - IP traffic and 3rd party Appliances
upvoted 3 times
God_Is_Love
1 year, 7 months ago
AWS Gateway Load Balancer (GWLB) can terminate TLS traffic. GWLB supports SSL/TLS offloading, which means that it can terminate SSL/TLS connections from clients and then forward the decrypted traffic to backend servers over HTTP or HTTPS.
upvoted 1 times
Mickey321
1 year, 7 months ago
I think main question is can it support static IP address which is needed by the firmware to waitlist it?
upvoted 2 times
...
...
...
...