SAP-C02 Question #734: Real Exam Question with Answer & Explanation

Question

A company uses AWS Organizations. The company runs two firewall appliances in a centralized networking account. Each firewall appliance runs on a manually configured highly available Amazon EC2 instance. A transit gateway connects the VPC from the centralized networking account to VPCs of member accounts. Each firewall appliance uses a static private IP address that is then used to route traffic from the member accounts to the internet. During a recent incident, a badly configured script initiated the termination of both firewall appliances. During the rebuild of the firewall appliances, the company wrote a new script to configure the firewall appliances at startup. The company wants to modernize the deployment of the firewall appliances. The firewall appliances need the ability to scale horizontally to handle increased traffic when the network expands. The company must continue to use the firewall appliances to comply with company policy. The provider of the firewall appliances has confirmed that the latest version of the firewall code will work with all AWS services. Which combination of steps should the solutions architect recommend to meet these requirements MOST cost-effectively? (Choose three.)

Options

• ADeploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint
• BDeploy a Network Load Balancer in the centralized networking account. Set up an endpoint
• CCreate an Auto Scaling group and a launch template that uses the new script as user data to
• DCreate an Auto Scaling group. Configure an AWS Launch Wizard deployment that uses the new
• ECreate VPC endpoints in each member account. Update the route tables to point to the VPC
• FCreate VPC endpoints in the centralized networking account. Update the route tables in each