AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 79

A company is deploying third-party firewall appliances for traffic inspection and NAT capabilities in its VPC. The VPC is configured with private subnets and public subnets. The company needs to deploy the firewall appliances behind a load balancer.

Which architecture will meet these requirements MOST cost-effectively?

Answer options

Correct answer: B

Explanation

Option B is correct because it uses a Gateway Load Balancer with two network interfaces that allow the firewall appliances to inspect traffic efficiently while also enabling NAT functionality. This setup is more cost-effective because it eliminates the need for an additional NAT gateway, and it maintains better performance. The other options either use a Network Load Balancer, which is less well suited to this scenario, or do not make effective use of the NAT capabilities of the firewall appliances.