SAP-C02 Question 264
Question
A company has migrated a legacy application to the AWS Cloud. The application runs on three Amazon EC2 instances that are spread across three Availability Zones. One EC2 instance is in each Availability Zone. The EC2 instances are running in three private subnets of the VPC and are set up as targets for an Application Load Balancer (ALB) that is associated with three public subnets. The application needs to communicate with on-premises systems. Only traffic from IP addresses in the company's IP address range is allowed to access the on-premises systems. The company’s security team is bringing only one IP address from its internal IP address range to the cloud. The company has added this IP address to the allow list for the company firewall. The company also has created an Elastic IP address for this IP address. A solutions architect needs to create a solution that gives the application the ability to communicate with the on-premises systems. The solution also must be able to mitigate failures automatically. Which solution will meet these requirements?
Options
A. Deploy three NAT gateways, one in each public subnet. Assign the Elastic IP address to the NAT gateways. Turn on health checks for the NAT gateways. If a NAT gateway fails a health check, recreate the NAT gateway and assign the Elastic IP address to the new NAT gateway.
B. Replace the ALB with a Network Load Balancer (NLB). Assign the Elastic IP address to the NLB. Turn on health checks for the NLB. In the case of a failed health check, redeploy the NLB in different subnets.
C. Deploy a single NAT gateway in a public subnet. Assign the Elastic IP address to the NAT gateway. Use Amazon CloudWatch with a custom metric to monitor the NAT gateway. If the NAT gateway is unhealthy, invoke an AWS Lambda function to create a new NAT gateway in a different subnet. Assign the Elastic IP address to the new NAT gateway.
D. Assign the Elastic IP address to the ALB. Create an Amazon Route 53 simple record with the Elastic IP address as the value. Create a Route 53 health check. In the case of a failed health check, recreate the ALB in different subnets.
Answer
C
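Explanation
Correct answer: C
Explanation: The answer to this question is C.
Correct option: C. Deploy a single NAT gateway in a public subnet. Assign the Elastic IP address to the NAT gateway. Use Amazon CloudWatch with a custom metric to monitor the NAT gateway. If the NAT gateway is unhealthy, invoke an AWS Lambda function to create a new NAT gateway in a different subnet. Assign the Elastic IP address to the new NAT gateway.
Reason for selection: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, you need to...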