SAP-C02 · Question #101
SAP-C02 Question #101: Real Exam Question with Answer & Explanation
The correct answer is B: Create a new VPC for outbound traffic to the internet.. https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws- network-firewall/ https://aws.amazon.com/blogs/networking-and-content-delivery/deploy-centralized-traffic-filtering- using-aws-network-firewall/
Question
A solutions architect at a largo company needs to set up network security for outbound traffic to the internet from all AWS accounts within an organization in AWS Organizations. The organization has more than 100 AWS accounts, and the accounts route to each other by using a centralized AWS Transit Gateway. Each account has both an internet gateway and a NAT gateway for outbound traffic to the internet. The company deploys resources only Into a single AWS Region. The company needs the ability to add centrally managed rule-based filtering on all outbound traffic to the internet for all AWS accounts in the organization. The peak load of outbound traffic will not exceed 25 Gbps in each Availability Zone. Which solution meets these requirements?
Options
- ACreate a new VPC for outbound traffic to the internet.
- BCreate a new VPC for outbound traffic to the internet.
- CCreate an AWS Network Firewall firewal for rule-based filtering in each AWS account.
- DIn each AWS account, create an Auto Scaling group of network-optimized Amazon EC2 instances
Explanation
https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws- network-firewall/ https://aws.amazon.com/blogs/networking-and-content-delivery/deploy-centralized-traffic-filtering- using-aws-network-firewall/
Community Discussion
No community discussion yet for this question.