SAP-C02 Study Assistant

SAP-C02 Question 471

Transit Gateway VPC EC2 Organizations Config Auto Scaling

Question

A company uses AWS Organizations. The company runs two firewall appliances in a centralized networking account. Each firewall appliance runs on a manually configured highly available Amazon EC2 instance. A transit gateway connects the VPC from the centralized networking account to VPCs of member accounts. Each firewall appliance uses a static private IP address that is then used to route traffic from the member accounts to the internet. During a recent incident, a badly configured script initiated the termination of both firewall appliances. During the rebuild of the firewall appliances, the company wrote a new script to configure the firewall appliances at startup. The company wants to modernize the deployment of the firewall appliances. The firewall appliances need the ability to scale horizontally to handle increased traffic when the network expands. The company must continue to use the firewall appliances to comply with company policy. The provider of the firewall appliances has confirmed that the latest version of the firewall code will work with all AWS services. Which combination of steps should the solutions architect recommend to meet these requirements MOST cost-effectively? (Choose three.)

Options

A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.

B. Deploy a Network Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.

C. Create an Auto Scaling group and a launch template that uses the new script as user data to configure the firewall appliances. Create a target group that uses the instance target type.

D. Create an Auto Scaling group. Configure an AWS Launch Wizard deployment that uses the new script as user data to configure the firewall appliances. Create a target group that uses the IP target type.

E. Create VPC endpoints in each member account. Update the route tables to point to the VPC endpoints.

F. Create VPC endpoints in the centralized networking account. Update the route tables in each member account to point to the VPC endpoints.

Answer

ACF

Explanation

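Correct answer: ACF

The correct choice for this question is ACF.

Correct options:

A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.

C. Create an Auto Scaling group and a launch template that uses the new script as user data to configure the firewall appliances. Create a target group that uses the instance target type.

F. Create VPC endpoints in the centralized networking account. Update the route tables in each member account to point to the VPC endpoints.

Rationale: This option most directly satisfies the question's...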
