AWS Certified Solutions Architect – Associate (SAA-C03) — Question 8
A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionality in the AWS Cloud.
Which solution will meet these requirements?
Answer options
- A. Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
- B. Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
- C. Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.
- D. Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.
Correct answer: C
Explanation
The correct answer is C because AWS Network Firewall is specifically designed to create customized rules for traffic inspection and filtering within a VPC, which meets the company's needs. Option A, Amazon GuardDuty, focuses on threat detection rather than traffic filtering. Option B, Traffic Mirroring, is useful for traffic analysis but doesn't provide direct traffic filtering capabilities. Option D, AWS Firewall Manager, is for managing firewall rules across accounts and does not directly handle the required inspection and filtering tasks.