SAP-C02 Question #822: Real Exam Question with Answer & Explanation

Question

A company hosts a game player-matching service on a public-facing, physical, on-premises instance that all users are able to access over the internet. All traffic to the instance uses UDP. The company wants to migrate the service to AWS and provide a high level of security. A solutions architect needs to design a solution for the player-matching service using AWS. Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)

Options

• AUse a Network Load Balancer (NLB) in front of the player-matching instance. Use a friendly DNS
• BUse an Application Load Balancer (ALB) in front of the player-matching instance. Use a friendly
• CDefine an AWS WAF rule to explicitly drop non-UDP traffic, and associate the rule with the load
• DConfigure a network ACL rule to block all non-UDP traffic Associate the network ACL with the
• EUse Amazon CloudFront with an Application Load Balancer as an origin.
• FEnable AWS Shield Advanced on all public-facing resources.

Explanation

A Network Load Balancer (NLB) is ideal for UDP traffic as it supports high-performance, low- latency handling of UDP requests. The NLB also allows a friendly DNS entry in Amazon Route 53, which maps to the NLB's Elastic IP address for consistent and secure routing. Network ACLs are useful for controlling traffic at the subnet level. A network ACL rule that blocks non-UDP traffic ensures that only UDP traffic reaches the load balancer, enhancing security. Enabling AWS Shield Advanced provides additional DDoS protection for all public-facing resources, safeguarding the game player-matching service from large-scale attacks.

No community discussion yet for this question.