
Answer-first summary for fast verification
Answer: Create a network policy to share the inspection service segment with the BU segment. Set the isolate-attachments field to True for the BU segment.
To meet the requirements in the most operationally efficient way, the company needs to ensure that the new BU VPCs do not communicate with each other and that all internet-bound traffic is inspected in the inspection VPC.
Option B, creating a network policy to share the inspection service segment with the BU segment, ensures that all internet-bound traffic from the BU VPCs is routed through the inspection VPC for inspection.
Option C, setting the isolate-attachments field to True for the BU segment, ensures that the BU VPCs cannot communicate with each other, which is a regulatory requirement. These two options together provide a solution that meets all the requirements efficiently.
Option A is not suitable because sharing the shared services segment with the BU segment does not ensure that internet-bound traffic is inspected.
Option D is incorrect because setting the isolate-attachments field to False would allow BU VPCs to communicate with each other, violating the regulatory requirement.
Option E, while it could potentially route traffic correctly, does not directly address the requirement for traffic inspection or the isolation of BU VPCs from each other, making it less operationally efficient than options B and C.
Author: LeetQuiz Editorial Team
A company utilizes AWS Cloud WAN with edge locations in the us-east-1 and us-west-1 Regions, each hosting a shared services segment. These segments have VPC attachments to inspection VPCs in both Regions, which inspect WAN traffic using AWS Network Firewall.
The company introduces a new segment for a business unit (BU) in the us-east-1 edge location, with three VPCs attached to this segment. Regulatory requirements mandate that the BU VPCs cannot communicate with each other, and all internet-bound traffic must be inspected in the inspection VPC.
The company configures VPC route tables to direct internet-bound traffic to the AWS Cloud WAN core network. Additional VPCs for the BU will be added in the future, all of which must comply with the same regulations.
Which two solutions will meet these requirements in the MOST operationally efficient manner?
A. Update the network policy to share the shared services segment with the BU segment.
B. Create a network policy to share the inspection service segment with the BU segment.
C. Set the isolate-attachments field to True for the BU segment.
D. Set the isolate-attachments field to False for the BU segment.
E. Update the network policy to add static routes for the BU segment. Configure the shared services segment to route traffic related to VPC CIDR blocks to each respective VPC attachment.