
Answer-first summary for fast verification
Answer: Create a third-party EC2 appliance in an Auto Scaling group fronted by a Network Load Balancer (NLB). Configure a mirror session. Specify the NLB as the mirror target. Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application.
The question requires a solution that delivers all network traffic to and from the EC2 instances to a centralized third-party EC2 appliance for content inspection. Option A publishes VPC Flow Logs to an S3 bucket; flow logs record connection metadata rather than packet payloads, so they do not meet the requirement for real-time content inspection. Option C names an Amazon Kinesis Data Firehose delivery stream as the mirror target, which is not a supported target for VPC Traffic Mirroring. Option D also relies on VPC Flow Logs, forwarded through CloudWatch and Kinesis Data Firehose, and therefore has the same limitation as Option A: it provides no real-time traffic mirroring for inspection. Option B is the correct solution: it creates a third-party EC2 appliance in an Auto Scaling group fronted by a Network Load Balancer (NLB), configures a mirror session with the NLB as the mirror target and a filter that captures inbound and outbound traffic, and specifies the EC2 elastic network interfaces of the application instances as the mirror source. This setup mirrors inbound and outbound traffic in real time to the third-party appliance for content inspection, meeting the company's regulatory requirement.
Author: LeetQuiz Editorial Team
A company operates an application on a fleet of Amazon EC2 instances. A new regulation requires that all network traffic to and from these EC2 instances must be routed through a centralized third-party EC2 appliance for content inspection.
Which solution will fulfill these requirements?
A
Configure VPC flow logs on each EC2 network interface. Publish the flow logs to an Amazon S3 bucket. Create a third-party EC2 appliance to acquire flow logs from the S3 bucket. Log in to the appliance to monitor network content.
B
Create a third-party EC2 appliance in an Auto Scaling group fronted by a Network Load Balancer (NLB). Configure a mirror session. Specify the NLB as the mirror target. Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application.
C
Configure a mirror session. Specify an Amazon Kinesis Data Firehose delivery stream as the mirror target. Specify a mirror filter to capture inbound and outbound traffic. For the source of the mirror session, specify the EC2 elastic network interfaces for all the instances that host the application. Create a third-party EC2 appliance. Send all traffic to the appliance through the Kinesis Data Firehose delivery stream for content inspection.
D
Configure VPC flow logs on each EC2 network interface. Send the logs to Amazon CloudWatch. Create a third-party EC2 appliance. Configure a CloudWatch filter to send the flow logs to Amazon Kinesis Data Firehose to load the logs into the appliance.
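The configuration that Option B describes, written out as a Terraform example. This is an added illustration, not code from the page or from LeetQuiz; it assumes the appliance Auto Scaling group, its Network Load Balancer, and the application instances already exist, and takes their identifiers as input variables (`appliance_nlb_arn`, `app_eni_ids`) rather than using any real IDs.

```hcl
# Added example: VPC Traffic Mirroring with an NLB-fronted appliance as target.
# Assumed inputs (placeholders, not values from the page): the NLB ARN and the
# ENI IDs of the application instances are supplied by the caller.

variable "appliance_nlb_arn" {
  description = "ARN of the Network Load Balancer in front of the appliance Auto Scaling group"
  type        = string
}

variable "app_eni_ids" {
  description = "ENI IDs of every application instance whose traffic must be inspected"
  type        = list(string)
}

# Mirror target: the appliance NLB. Mirrored packets are delivered
# VXLAN-encapsulated, so the NLB needs a UDP listener on port 4789.
resource "aws_ec2_traffic_mirror_target" "appliance" {
  description               = "Third-party inspection appliance behind NLB"
  network_load_balancer_arn = var.appliance_nlb_arn
}

# Mirror filter with one accept rule per direction, so both inbound (ingress)
# and outbound (egress) traffic is copied to the appliance.
resource "aws_ec2_traffic_mirror_filter" "all_traffic" {
  description      = "Mirror all inbound and outbound traffic"
  network_services = ["amazon-dns"] # also mirror queries to the VPC DNS resolver
}

resource "aws_ec2_traffic_mirror_filter_rule" "inbound" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all_traffic.id
  traffic_direction        = "ingress"
  rule_number              = 100
  rule_action              = "accept"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

resource "aws_ec2_traffic_mirror_filter_rule" "outbound" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all_traffic.id
  traffic_direction        = "egress"
  rule_number              = 100
  rule_action              = "accept"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

# Mirror source: one session per application ENI. packet_length is left unset
# so the full packet, including payload, reaches the appliance for inspection.
resource "aws_ec2_traffic_mirror_session" "app" {
  for_each                 = toset(var.app_eni_ids)
  description              = "Mirror ${each.value} to inspection appliance"
  network_interface_id     = each.value
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all_traffic.id
  traffic_mirror_target_id = aws_ec2_traffic_mirror_target.appliance.id
  session_number           = 1
}
```

Two points a practitioner checks before relying on this: the mirror source must be an ENI on an instance type that supports Traffic Mirroring, and mirroring is out-of-band, meaning the appliance receives a copy of each packet while the original continues to the application; if the regulation is read as requiring the appliance to be inline and able to block traffic, an inline design (for example a Gateway Load Balancer in front of the appliance fleet) would be needed instead of a mirror session.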