AWS Certified Solutions Architect – Professional (SAP-C02) — Question 119
A financial company is planning to migrate its web application from on premises to AWS. The company uses a third-party security tool to monitor the inbound traffic to the application. The company has used the security tool for the last 15 years, and the tool has no cloud solutions available from its vendor. The company's security team is concerned about how to integrate the security tool with AWS technology.
The company plans to deploy the application migration to AWS on Amazon EC2 instances. The EC2 instances will run in an Auto Scaling group in a dedicated VPC. The company needs to use the security tool to inspect all packets that come in and out of the VPC. This inspection must occur in real time and must not affect the application's performance. A solutions architect must design a target architecture on AWS that is highly available within an AWS Region.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
Answer options
- A. Deploy the security tool on EC2 instances in a new Auto Scaling group in the existing VPC
- B. Deploy the web application behind a Network Load Balancer
- C. Deploy an Application Load Balancer in front of the security tool instances
- D. Provision a Gateway Load Balancer for each Availability Zone to redirect the traffic to the security tool
- E. Provision a transit gateway to facilitate communication between VPCs.
Correct answer: A, D
Explanation
Choosing option A allows the security tool to run on EC2 instances within an Auto Scaling group, ensuring that it can scale with the application. Option D is also correct as it provides a Gateway Load Balancer that can redirect traffic to the security tool, allowing for real-time inspection. Options B and C do not directly integrate the security tool with the traffic flow for inspection, while option E does not address the need for real-time traffic inspection.