ANS-C01 Question #203: Real Exam Question with Answer & Explanation
Question
A network engineer needs to improve the network security of an existing AWS environment by adding an AWS Network Firewall firewall to control internet-bound traffic. The AWS environment consists of five VPCs. Each VPC has an internet gateway, NAT gateways, public Application Load Balancers (ALBs), and Amazon EC2 instances. The EC2 instances are deployed in private subnets. The architecture is deployed across two Availability Zones. The network engineer must be able to configure rules for the public IP addresses in the environment, regardless of the direction of traffic. The network engineer must add the firewall by implementing a solution that minimizes changes to the existing production environment. The solution also must ensure high availability. Which combination of steps should the network engineer take to meet these requirements? (Choose two.)
Options
- A. Create a centralized inspection VPC with subnets in two Availability Zones. Deploy Network
- B. Configure new subnets in two Availability Zones in each VPC. Deploy Network Firewall in each
- C. Deploy Network Firewall in each VPC. Use existing subnets in each of the two Availability Zones to
- D. Update the route tables that are associated with the private subnets that host the EC2 instances.
- E. Update the route tables that are associated with the public subnets that host the NAT gateways