A network engineer aims to enhance the security of an existing AWS environment by deploying an AWS Network Firewall to manage internet-bound traffic. The environment includes five VPCs, each with an internet gateway, NAT gateways, public Application Load Balancers (ALBs), and EC2 instances in private subnets, spanning two Availability Zones. The engineer must configure rules for public IP addresses, regardless of traffic direction, while minimizing changes to the production setup and ensuring high availability. Which two steps should the network engineer take to fulfill these requirements? | AWS Certified Advanced Networking - Specialty Quiz