NSE 8 – Network Security Expert (812) — Question 73
A customer’s cybersecurity department needs to implement security for the traffic between two VPCs in AWS, but these belong to different departments within the company. The company uses a single region for all their VPCs.
Which two actions will achieve this requirement while keeping separate management of each department's VPC? (Choose two.)
Answer options
- A. Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster.
- B. Create an IAM account for the cybersecurity department to manage both existing VPCs, create a FortiGate HA cluster in each VPC, and use an IPsec VPN to force traffic between the VPCs through the FortiGate clusters.
- C. Migrate all the instances to the same VPC and create IAM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster.
- D. Create a VPC with a FortiGate auto-scaling group and a Transit Gateway attached to the three VPCs to force routing through the FortiGate cluster.
Correct answer: A, D
Explanation
The correct answers are A and D because both options provide a method to secure traffic between the VPCs while allowing for separate management. Option A uses a transit VPC with a FortiGate cluster and VPC peering, while option D employs a Transit Gateway with a FortiGate auto-scaling group. Options B and C do not maintain the necessary separation for departmental management, as they involve either shared IAM accounts or migrating instances into a single VPC.