An enterprise is designing a multi-account strategy using AWS Control Tower. They need to implement centralized egress to the internet for all member accounts to inspect traffic using a third-party firewall appliance. Which THREE architectural components are required? (Select THREE)

Answer options:

AWS Transit Gateway

Gateway Load Balancer (GWLB)

A dedicated Egress/Security VPC

AWS Global Accelerator

VPC Peering between all member accounts

AWS Client VPN

How to approach this question

Identify the hub-and-spoke router (TGW), the appliance load balancer (GWLB), and the central location (Egress VPC).

Full Answer

Centralized egress requires an Egress VPC. AWS Transit Gateway routes traffic from all member VPCs to this Egress VPC. Within the Egress VPC, a Gateway Load Balancer (GWLB) distributes the traffic to a fleet of third-party firewall appliances for inspection before it goes to the internet.

Common mistakes

Choosing VPC Peering instead of Transit Gateway for a scalable multi-account architecture.

Question 61 All questions Question 63

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →