AWS Certified Advanced Networking - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.

To ensure that the Network Firewall stateful rule group remains up-to-date with the least implementation and administrative effort, the best approach is to use AWS Lambda functions. This is because AWS Lambda can automatically query the EC2 instance tags for each application name and update the stateful rule group with the IP addresses of each instance as they are launched or terminated by the Auto Scaling groups. This method is dynamic and requires minimal manual intervention once set up, making it the most efficient solution among the options provided. Option A and B involve static configurations (network ACLs and prefix lists) that would require manual updates whenever EC2 instances are launched or terminated, leading to higher administrative effort. Option D, using resource groups, does not directly relate to updating IP addresses in the stateful rule group based on EC2 instance tags.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company utilizes AWS Network Firewall to secure outgoing traffic across multiple VPCs within the same AWS account. Each VPC includes Amazon EC2 instances, tagged with the application they host, and these instances are part of Auto Scaling groups.

To ensure the Network Firewall stateful rule group stays current as EC2 instances are launched or terminated by Auto Scaling, which solution requires the LEAST implementation and administrative effort?

Exam-Like

Create a network ACL for each application. Reference the network ACL in the stateful rule group.

16.7%

Create a prefix list for each application. Reference the prefix list in the stateful rule group.

16.7%

Create an AWS Lambda function that queries the EC2 instance tags for each application name and then updates the stateful rule group with the IP address of each instance.

33.3%

Create a resource group for each application name. Reference the Amazon Resource Name (ARN) for the resource groups in the stateful rule group.

33.3%