Examice

Exam ANS-C01 All QuestionsBrowse all questions from this exam

Question 133

A company's application is deployed on Amazon EC2 instances in a single VPC in an AWS Region. The EC2 instances are running in two Availability Zones. The company decides to use a fleet of traffic inspection instances from AWS Marketplace to inspect traffic between the VPC and the internet. The company is performing tests before the company deploys the architecture into production.

The fleet is located in a shared inspection VPC behind a Gateway Load Balancer (GWLB). To minimize the cost of the solution, the company deployed only one inspection instance in each Availability Zone that the application uses.

During tests, a network engineer notices that traffic inspection works as expected when the network is stable. However, during maintenance of the inspection instances, the internet sessions time out for some application instances. The application instances are not able to establish new sessions.

Which combination of steps will remediate these issues? (Choose two.)

Deploy one inspection instance in the Availability Zones that do not have inspection instances deployed.

Deploy one additional inspection instance in each Availability Zone where the inspection instances are deployed.

Enable the cross-zone load balancing attribute for the GWLB.

Deploy inspection instances in an Auto Scaling group. Define a scaling policy that is based on CPU load.

Attach the GWLB to all Availability Zones in the Region.

Correct Answer: B, C

To remediate the maintenance issue affecting internet sessions, deploying one additional inspection instance in each Availability Zone ensures redundancy. This provides coverage if an inspection instance undergoes maintenance, thus maintaining traffic inspection without session timeouts. Additionally, enabling cross-zone load balancing for the Gateway Load Balancer (GWLB) distributes traffic evenly across all registered instances in different Availability Zones, maintaining session persistence and stability during maintenance activities.

Discussion

Balasmaniam

Ans :BC https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/

ExamTopix01

It's CD

seochanOptions: CD

I think it's CD, because the purpose is to "remediate" the problem, and just adding one additional inspection instance cannot assure remediation of this problem.

MohamedSherif1Options: CD

why not CD?

Certified101Options: BC

BC is correct

[Removed]

My 5 cent why I think D cannot be right. The scenario does not mention anything on CPU related issues. So let's say we prepare a CPU based ASG we still would only have 2 instances, one per AZ and the degradation in maintenance case would be the same, one AZ would have no target, same impact. So although we want to minimize cost, B is better than D imho.

michele_scarOptions: BC

A and E wrong. It's between B C D. Should be correct D but autoscaling gruop with CPU load not solve the issue, you have to detach the instance, make maintenance and after re-attach to ASG. It's complicated. Finally B C correct.

vikasj1inOptions: CD

A. might distribute the load better across Availability Zones, but it does not directly address the issue of sessions timing out during maintenance. B. could help distribute the load and provide redundancy, but it might not fully address the issue of sessions timing out during maintenance. C. This helps maintain session persistence during maintenance activities. D. Deploying inspection instances in an Auto Scaling group allows the system to automatically replace instances that are undergoing maintenance or experiencing issues. Defining a scaling policy based on CPU load ensures that additional instances are added to handle increased traffic during maintenance, reducing the impact on existing sessions. E. This helps maintain session persistence during maintenance activities. However, this alone may not fully address the issue if there are not enough healthy instances to handle the traffic.

jorgesoma

It's a confused answer. Could be CD or BC... Non clear question from AWS dump.

AradOptions: CD

I think CD is correct. The solution should be cost-effective, so why deploying an extra instance to site there when it is not necessary all the time, autoscaling group deploys an extra instance just when it is required, not always.

_mavik_

The solution should be cost-effective - there is not a requiremet. BC.

Tofu13Options: BC

Same Link as Balasmaniam. Point 3 When you enable cross-zone load balancing, GWLB distributes traffic across all registered and healthy targets regardless of which AZs these targets are in.

ISSDoksim

BC - https://aws.amazon.com/blogs/networking-and-content-delivery/best-practices-for-deploying-gateway-load-balancer/

Akshay0403Options: BC

Clearly BC. Questions says ""during maintenance of the inspection instances". So deploying additional instances in each AZ will address this issue

hogtroughOptions: CD

Answer is CD. Not only is autoscaling cost-effective compared to a deploying an instance that will run forever simply for maintenance purposes, it will ensure that the performance needs are met.