Which steps should the solutions architect recommend to meet these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is deploying a third-party firewall appliance solution from AWS Marketplace to monitor and protect traffic that leaves the company’s AWS environments.The company wants to deploy this appliance into a shared services VPC and route all outbound internet-bound traffic through the appliances.A solutions architect needs to recommend a deployment method that prioritizes reliability and minimizes failover time between firewall appliances within a single AWS Region.The company has set up routing from the shared services VPC to other VPCs.

Which steps should the solutions architect recommend to meet these requirements?

(Choose three.)

Deploy two firewall appliances into the shared services VPC, each in a separate Availability Zone.

Create a new Network Load Balancer in the shared services VPC. Create a new target group, and attach it to the new Network Load Balancer. Add each of the firewall appliance instances to the target group.

Create a new Gateway Load Balancer in the shared services VPCreate a new target group, and attach it to the new Gateway Load Balancer Add each of the firewall appliance instances to the target group.

Create a VPC interface endpoint. Add a route to the route table in the shared services VPC. Designate the new endpoint as the next hop for traffic that enters the shared services VPC from other VPCs.

Deploy two firewall appliances into the shared services VPC, each in the same Availability Zone.

Create a VPC Gateway Load Balancer endpoint. Add a route to the route table in the shared services VPC. Designate the new endpoint as the next hop for traffic that enters the shared services VPC from other VPCs.

Explanations:

Deploying two firewall appliances in separate Availability Zones ensures high availability, reducing the risk of a single point of failure for outbound traffic.

Network Load Balancer is typically used for distributing traffic to instances. It’s not ideal for routing traffic through firewall appliances with failover features.

A Gateway Load Balancer is designed for this type of use case, providing seamless failover and traffic routing to firewall appliances with minimal downtime.

A VPC interface endpoint routes traffic to AWS services, not for directing traffic through firewall appliances in the VPC for outbound filtering.

Deploying two firewall appliances in the same Availability Zone does not provide the redundancy required for high availability in the event of a failure.

A VPC Gateway Load Balancer endpoint helps route traffic through firewall appliances, providing high availability and failover capabilities when using Gateway Load Balancer.

2025-10-18

1 Comment

  1. Karen
    Author

    I opine that the answer is:
    Deploy two firewall appliances into the shared services VPC, each in a separate Availability Zone.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × 5 =