Hard · 1 mark · Multiple Choice
AWS SAP-C02 · Question 21 · Domain 1.1: Network Connectivity
An enterprise uses AWS Transit Gateway to connect 50 VPCs. They want to inspect all internet-bound traffic from these VPCs using third-party firewall appliances. What is the MOST scalable architecture?
Answer options:
A. Deploy firewall appliances in each VPC.
B. Deploy a Gateway Load Balancer (GWLB) with the firewall appliances in a centralized inspection VPC, routed via Transit Gateway.
C. Use AWS Network Firewall in each VPC.
D. Route all traffic back to on-premises firewalls via Direct Connect.
How to approach this question
Identify the service designed to scale third-party network appliances.
Full Answer
B. Deploy a Gateway Load Balancer (GWLB) with the firewall appliances in a centralized inspection VPC, routed via Transit Gateway. ✓ Correct
Gateway Load Balancer makes it easy to deploy, scale, and manage third-party virtual appliances like firewalls.
Common mistakes
Using Network Load Balancers, which require complex routing for transparent inspection.