
Answer-first summary for fast verification
Answer: Use an AWS Network Firewall centralized deployment model in each VPC.
To meet the customer's requirements for adding intrusion prevention without re-architecting the environment and accommodating unencrypted traffic, the best solution is to use an AWS Network Firewall. The AWS Network Firewall can be deployed in a centralized or distributed model. However, given the requirement to not re-architect the environment and the specific mention of VPC-to-VPC connectivity through VPC peering, a centralized deployment model (Option B) is more suitable. This model allows for a single firewall instance to protect multiple VPCs, simplifying management and reducing the need for architectural changes. Configuring VPC security groups and network ACLs (Option A) does not provide intrusion prevention capabilities. Deploying AWS Shield (Option D) is focused on DDoS protection, not intrusion prevention. Therefore, the correct answer is B.
Author: LeetQuiz Editorial Team
A consulting firm oversees AWS accounts for its clients. One client requires intrusion prevention for their environment without re-architecting the setup. The environment consists of five VPCs across two AWS Regions in the United States, connected via VPC peering. The client does not anticipate adding more VPCs in the next two years. The solution must support unencrypted traffic.
Which solution fulfills these requirements?
A. Configure VPC security groups and network ACLs.
B. Use an AWS Network Firewall centralized deployment model in each VPC.
C. Use an AWS Network Firewall distributed deployment model in each VPC.
D. Deploy AWS Shield in each VPC.