
AWS Certified Advanced Networking - Specialty
A company is moving critical applications to AWS, with multiple accounts and VPCs interconnected via a transit gateway. A network engineer needs to design a solution that conducts deep packet inspection for all traffic exiting a VPC boundary, ensuring that all inspected traffic and corresponding actions are logged in a central log account. What solution meets these requirements with minimal administrative effort?
Explanation:
The question asks for a solution that performs deep packet inspection on traffic leaving a VPC network boundary and logs all inspected traffic and the actions taken on it in a central log account, with the least administrative overhead. Option A uses an AWS Gateway Load Balancer backed by third-party next-generation firewall appliances in a central network VPC. The firewall appliances perform the deep packet inspection, and the inspected traffic and resulting actions can be logged to an Amazon S3 bucket in the central log account. Because inspection and logging are both centralized, this design keeps administrative overhead low by combining an AWS managed service (the Gateway Load Balancer) with third-party appliances for the inspection itself. Options B, C, and D fall short in one way or another: Option C does not provide deep packet inspection, Option B does not centralize logging effectively, and Option D does not use the most efficient AWS service for the task. Therefore, Option A is the most suitable solution.