SAP-C02 Question #819: Real Exam Question with Answer & Explanation

Question

A company hosts a game player-matching service on a public-facing, physical, on-premises instance that all users are able to access over the instance uses UDP. The company wants to migrate the service to AWS and provide a high level of security. A solutions architect needs to de matching service using AWS. Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)

Options

• AUse a Network Load Balancer (NLB) in front of the player-matching instance. Use a friendly DNS
• BUse an Application Load Balancer (ALB) in front of the player-matching instance. Use a friendly
• CDefine an AWS WAF rule to explicitly drop non-UDP traffic, and associate the rule with the load
• DConfigure a network ACL rule to block all non-UDP traffic. Associate the network ACL with the

Explanation

To migrate a UDP-based game player-matching service to AWS securely, a Network Load Balancer (NLB) should be used as it supports UDP traffic and offers high performance. Additionally, network ACLs should be configured at the subnet level to explicitly block all non-UDP traffic, providing a strong security perimeter.

Common mistakes.

• B. An Application Load Balancer (ALB) operates at Layer 7 (HTTP/S) and does not support UDP traffic, making it unsuitable for a UDP-based game service.
• C. AWS WAF operates at Layer 7 and is designed for HTTP/S traffic, therefore it cannot be associated with an NLB for UDP traffic to filter non-UDP traffic.

Concept tested. High-performance UDP load balancing and network security

Reference. https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html

No community discussion yet for this question.