Hard · 1 mark · Multiple Choice
AWS SAA-C03 · Question 14 · Domain 1.2: Secure Workloads
A company has 50 VPCs across multiple AWS accounts. They want to inspect all traffic leaving the VPCs for the internet using a centralized firewall appliance. What is the MOST scalable architecture?
Answer options:
A. Deploy AWS Network Firewall in every VPC.
B. Use VPC Peering to connect all VPCs in a full mesh.
C. Connect all VPCs to an AWS Transit Gateway. Route traffic to a central inspection VPC.
D. Use AWS WAF on the internet gateways of all VPCs.
How to approach this question
Look for a hub-and-spoke network architecture.
Full Answer
C. Connect all VPCs to an AWS Transit Gateway. Route traffic to a central inspection VPC. ✓ Correct
Connect all VPCs to an AWS Transit Gateway. Route internet-bound traffic to a central inspection VPC containing AWS Network Firewall.
AWS Transit Gateway acts as the central hub of a hub-and-spoke topology: every VPC attaches to it once, and its route tables send internet-bound traffic to a dedicated inspection VPC, where AWS Network Firewall inspects it centrally before it leaves for the internet.
Common mistakes
Choosing VPC Peering for a large number of VPCs.