Hard · 1 mark · Multiple Choice
Domain 1.1: Network Connectivity · Tags: Networking, Transit Gateway, GWLB

AWS SAP-C02 · Question 02 · Domain 1.1: Network Connectivity

An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs are peered. The security team mandates that all inter-VPC traffic must be inspected by a centralized fleet of third-party firewall appliances. How should the architect design this network?

Answer options:

A. Deploy firewall appliances on EC2 instances in each VPC. Update VPC route tables to route traffic through the local firewall.

B. Deploy Gateway Load Balancers (GWLB) with the firewall appliances in a centralized inspection VPC in each region. Route traffic from TGW to the GWLB endpoints.

C. Use AWS Network Firewall in every VPC and peer them using VPC peering instead of TGW.

D. Deploy an Application Load Balancer in a central VPC and route all TGW traffic through it.

How to approach this question

Look for the service designed specifically for transparent inline inspection using third-party appliances.

Full Answer

B. Deploy Gateway Load Balancers (GWLB) with the firewall appliances in a centralized inspection VPC in each region. Route traffic from TGW to the GWLB endpoints. (✓ Correct)

Gateway Load Balancer (GWLB) is purpose-built to deploy, scale, and manage third-party virtual appliances transparently: it sits inline as a "bump in the wire", so the TGW route tables can send inter-VPC traffic to GWLB endpoints in the centralized inspection VPC, the firewall fleet inspects it, and the traffic is returned to the TGW without the source or destination VPCs being aware of the appliances. One inspection VPC per region keeps the design scalable across the peered TGWs.

Common mistakes

Choosing Network Load Balancer, which requires complex NAT configurations for inline inspection.

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6
