NSE 7 – Public Cloud Security 6.4 — Question 14
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.
This has now black-holed the private subnet in this availability zone.
What action will the worker node automatically perform to restore access to the black-holed subnet?
Answer options
- A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.
- B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.
- C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.
- D. The worker node migrates the subnet to a different availability zone.
Correct answer: C
Explanation
Option C is correct: modifying the route table to redirect traffic to a functioning FortiGate restores access to the black-holed subnet. Options A and B do not directly address the black-holed subnet, and option D is unnecessary because the goal is to restore access within the same availability zone.