NSE 7 – Public Cloud Security 6.4 — Question 25
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?
Answer options
- A. Convert the c4.xlarge instances to m4.xlarge instances.
- B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
- C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels for the VPC peering connections.
- D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
Correct answer: D
Explanation
The correct answer is D because converting the transit VPC firewalls into an auto-scaling group allows for the dynamic addition of EC2 instances, which can help manage high CPU usage effectively. Options A and B only address instance type changes without increasing capacity, while option C changes the tunneling method but does not directly alleviate CPU load on the firewalls.