A network engineer aims to enhance the security of an existing AWS environment by deploying an AWS Network Firewall to manage internet-bound traffic. The environment includes five VPCs, each with an internet gateway, NAT gateways, public Application Load Balancers (ALBs), and EC2 instances in private subnets, spanning two Availability Zones. The engineer must configure rules for public IP addresses, regardless of traffic direction, while minimizing changes to the production setup and ensuring high availability.

Which two steps should the network engineer take to fulfill these requirements?

Exam-Like

Create a centralized inspection VPC with subnets in two Availability Zones. Deploy Network Firewall in this inspection VPC with an endpoint in each Availability Zone.

Configure new subnets in two Availability Zones in each VPC. Deploy Network Firewall in each VPC with an endpoint in each Availability Zone.

Deploy Network Firewall in each VPUse existing subnets in each of the two Availability Zones to deploy Network Firewall endpoints.

Update the route tables that are associated with the private subnets that host the EC2 instances. Add routes to the Network Firewall endpoints.

Update the route tables that are associated with the public subnets that host the NAT gateways and the ALBs. Add routes to the Network Firewall endpoints.

AWS Certified Advanced Networking - Specialty

Comments

Get started today