SAP-C02 Study Assistant

SAP-C02 Question 471

Transit Gateway VPC EC2 Organizations Config Auto Scaling

Question

A company uses AWS Organizations. The company runs two firewall appliances in a centralized networking account. Each firewall appliance runs on a manually configured highly available Amazon EC2 instance. A transit gateway connects the VPC from the centralized networking account to VPCs of member accounts. Each firewall appliance uses a static private IP address that is then used to route traffic from the member accounts to the internet.

During a recent incident, a badly configured script initiated the termination of both firewall appliances. During the rebuild of the firewall appliances, the company wrote a new script to configure the firewall appliances at startup.

The company wants to modernize the deployment of the firewall appliances. The firewall appliances need the ability to scale horizontally to handle increased traffic when the network expands. The company must continue to use the firewall appliances to comply with company policy. The provider of the firewall appliances has confirmed that the latest version of the firewall code will work with all AWS services.

Which combination of steps should the solutions architect recommend to meet these requirements MOST cost-effectively? (Choose three.)

Options

A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.

B. Deploy a Network Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink.

C. Create an Auto Scaling group and a launch template that uses the new script as user data to configure the firewall appliances. Create a target group that uses the instance target type.

D. Create an Auto Scaling group. Configure an AWS Launch Wizard deployment that uses the new script as user data to configure the firewall appliances. Create a target group that uses the IP target type.

E. Create VPC endpoints in each member account. Update the route tables to point to the VPC endpoints.

F. Create VPC endpoints in the centralized networking account. Update the route tables in each member account to point to the VPC endpoints.

Answer

ACF

Explanation

Correct answer: ACF Explanation: The best answer is ACF. Correct option: A. Deploy a Gateway Load Balancer in the centralized networking account. Set up an endpoint service that uses AWS PrivateLink. C. Create an Auto Sc...
