
A solutions architect at a large company is tasked with establishing network security for outbound internet traffic from all AWS accounts within an AWS Organizations setup. The organization comprises over 100 AWS accounts, interconnected via a centralized AWS Transit Gateway. Each account is equipped with both an internet gateway and a NAT gateway for managing outbound internet traffic. The company's operations are confined to a single AWS Region. The requirement is to implement a centralized, rule-based filtering mechanism for all outbound internet traffic across all AWS accounts in the organization, with the constraint that the peak outbound traffic load per Availability Zone does not surpass 25 Gbps. Which solution effectively fulfills these requirements?
A
Establish a new VPC dedicated to outbound internet traffic. Integrate this new VPC with the existing transit gateway. Set up a new NAT gateway. Deploy an Auto Scaling group of Amazon EC2 instances configured to operate an open-source internet proxy for rule-based filtering across all Availability Zones within the Region. Adjust all default routes to direct traffic through the proxy's Auto Scaling group.
B
Designate a new VPC for outbound internet traffic and connect it to the existing transit gateway. Install a new NAT gateway. Employ an AWS Network Firewall for rule-based filtering and establish Network Firewall endpoints in each Availability Zone. Update all default routes to route traffic through the Network Firewall endpoints.
C
Deploy an AWS Network Firewall for rule-based filtering within each AWS account. Modify all default routes in each account to direct traffic through the respective Network Firewall.
D
Within each AWS account, launch an Auto Scaling group of network-optimized Amazon EC2 instances running an open-source internet proxy for rule-based filtering. Reconfigure all default routes to channel traffic through the proxy's Auto Scaling group.