AWS Certified Advanced Networking - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
What is the MOST operationally efficient solution for a company hosting external websites on AWS with multiple tiers (web servers, application logic services, and databases) that ensures appropriate deployment of AWS Network Firewall within relevant VPCs, enables centralized management of Network Firewall policies and AWS WAF rules, and allows application teams to manage their own security groups while preventing overly permissive access?
Explanation:
The most operationally efficient solution that meets the company's requirements is to use AWS Firewall Manager for centralized management of AWS WAFv2 web ACLs, Network Firewall policies, and VPC security groups, while also leveraging AWS CloudFormation for the initial deployment and definition of these resources in code. This approach allows for the centralized management of security policies and rules, ensuring consistency and compliance across the environment. Additionally, using Amazon GuardDuty to monitor for overly permissive rules adds an extra layer of security by identifying and alerting on potential security risks. Option D is the correct choice because it combines the use of AWS CloudFormation for initial deployment and AWS Firewall Manager for ongoing management, along with Amazon GuardDuty for monitoring, which aligns with the company's requirements for operational efficiency, centralized policy management, and security monitoring.