
A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.
Which solution will meet these requirements?
A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.
D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.
Explanation:
AWS Network Firewall is the correct solution because:
Purpose-built for traffic inspection and filtering: AWS Network Firewall is a managed network firewall service that provides stateful inspection, intrusion prevention and detection, and web filtering capabilities.
Direct replacement for on-premises inspection servers: It performs the same functions as the company's on-premises inspection server, namely traffic flow inspection and traffic filtering.
VPC-level protection: It can be deployed at the VPC level to inspect and filter traffic flowing in and out of the production VPC.
Why other options are incorrect:
A. Amazon GuardDuty: This is a threat detection service that uses machine learning to identify threats, but it's not designed for real-time traffic inspection and filtering. It's more for monitoring and alerting rather than active traffic control.
B. Traffic Mirroring: This service copies network traffic for analysis but doesn't perform filtering or inspection itself. It's a passive monitoring tool, not an active security control.
D. AWS Firewall Manager: This is a security management service that helps centrally configure and manage firewall rules across accounts and applications, but it doesn't perform the actual traffic inspection and filtering. It works with AWS Network Firewall, AWS WAF, and AWS Shield to manage their configurations.
Key AWS Network Firewall features:
This solution directly addresses the requirement to replicate the on-premises inspection server functionality in AWS.
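As an added illustration of what "create the required rules" looks like in practice (this is not part of the quiz page and not AWS-supplied code), the CloudFormation template below deploys a stateful AWS Network Firewall rule group, a firewall policy that sends every flow to the stateful engine, a firewall endpoint in the production VPC, and alert logging to CloudWatch. The VPC ID, subnet ID, CIDR and log group name are assumed placeholders.

```yaml
# Added example (not from the quiz page): minimal AWS Network Firewall
# deployment for inspecting and filtering traffic in a production VPC.
Resources:
  InspectionRules:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: prod-inspection-rules
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        RuleVariables:
          IPSets:
            HOME_NET:
              Definition:
                - 10.0.0.0/16          # assumed production VPC CIDR
        RulesSource:
          # Suricata-compatible stateful rules: block outbound cleartext
          # telnet and raise an alert on inbound SSH for the SOC to review.
          RulesString: |
            drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg:"Block outbound telnet"; sid:1000001; rev:1;)
            alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH observed"; sid:1000002; rev:1;)
  InspectionPolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: prod-inspection-policy
      FirewallPolicy:
        StatelessDefaultActions:
          - aws:forward_to_sfe       # hand every flow to the stateful engine
        StatelessFragmentDefaultActions:
          - aws:forward_to_sfe
        StatefulRuleGroupReferences:
          - ResourceArn: !Ref InspectionRules
  ProductionFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: prod-vpc-firewall
      FirewallPolicyArn: !Ref InspectionPolicy
      VpcId: vpc-0123456789abcdef0                 # assumed placeholder
      SubnetMappings:
        - SubnetId: subnet-0123456789abcdef0       # assumed dedicated firewall subnet
  FirewallLogging:
    Type: AWS::NetworkFirewall::LoggingConfiguration
    Properties:
      FirewallArn: !Ref ProductionFirewall
      LoggingConfiguration:
        LogDestinationConfigs:
          - LogType: ALERT           # alert/drop events from the rules above
            LogDestinationType: CloudWatchLogs
            LogDestination:
              logGroup: /prod/network-firewall/alerts   # assumed log group
```

The firewall only inspects what is routed through it: the VPC's route tables (and the internet gateway's ingress route table) must point traffic at the firewall endpoint, which is why the endpoint lives in its own dedicated subnet.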