Exam SAA-C03
Question 19

A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets.

A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server.

Which solution will meet these requirements with the LEAST operational overhead?

    Correct Answer: D

    The best solution to integrate the web application with the third-party virtual firewall appliance for traffic inspection is to deploy a Gateway Load Balancer in the inspection VPC. A Gateway Load Balancer is specifically designed to work with third-party appliances and provides a scalable, manageable way to inspect network traffic. By creating a Gateway Load Balancer endpoint, incoming packets can be forwarded to the firewall appliance with minimal operational overhead. This setup ensures that all traffic is inspected efficiently before reaching the web servers, adhering to the requirement of least operational overhead.

Discussion
CloudGuru99

Answer is D. Use Gateway Load Balancer. REF: https://aws.amazon.com/blogs/networking-and-content-delivery/scaling-network-traffic-inspection-using-aws-gateway-load-balancer/

pm2229

It's D, Coz.. Gateway Load Balancer is a new type of load balancer that operates at layer 3 of the OSI model and is built on Hyperplane, which is capable of handling several thousands of connections per second. Gateway Load Balancer endpoints are configured in spoke VPCs originating or receiving traffic from the Internet. This architecture allows you to perform inline inspection of traffic from multiple spoke VPCs in a simplified and scalable fashion while still centralizing your virtual appliances.

awsgeek75 Option: D

Literally discussed over here: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/getting-started.html

DigitalDanny Option: D

Gateway Load Balancer (GWLB): GWLB is designed for deploying third-party appliances and provides a scalable and easy way to route traffic through appliances. It operates at the network layer and can handle both TCP and UDP traffic. Operational Overhead: Deploying a GWLB in the inspection VPC and creating an endpoint involves less operational overhead compared to managing Load Balancers in the application's VPC. It allows for centralized management of the inspection process. This solution ensures that all traffic is routed through the Gateway Load Balancer for inspection before reaching the web servers, providing a scalable and efficient way to integrate the third-party virtual firewall appliance.

zinabu Option: D

Gateway Load Balancers make it easy to deploy, scale, and manage third-party virtual appliances, such as security appliances.

OlaFemi

I'm choosing D, based on "A Gateway Load Balancer routes traffic to third-party virtual appliances. It is ideal for incorporating a third-party appliance, such as a network firewall, into your network traffic in a scalable and easy-to-manage way."

zinabu

selected answer: D Gateway Load Balancers make it easy to deploy, scale, and manage third-party virtual appliances, such as security appliances.

A_jaa Option: D

Answer-D

Michael_Li

D: Gateway Load Balancer helps you easily deploy, scale, and manage your third-party virtual appliances. It gives you one gateway for distributing traffic across multiple virtual appliances while scaling them up or down, based on demand. This decreases potential points of failure in your network and increases availability.

bishtr3

D: Gateway Load Balancer: use when you have virtual appliances like IDP/IPS (intrusion detection, prevention system...) & firewall, etc.

ManikRoy Option: D

Intrusion prevention systems (IPS) are the main use case for Gateway Load Balancers. If you see a scenario for a virtual firewall appliance, the answer is most likely to be GLB.

dangvanduc90 Option: A

just public subnet and LEAST overhead

app12

We have 3 VPCs: Inspection --> Public --> Private. In the Inspection VPC we have only the firewall, which should then direct the traffic towards the Public VPC. So in any case the firewall is the only endpoint for incoming traffic, so you don't need a load balancer in front of it. So if I understand correctly the setup should be: InspectionVPC(Firewall) --> Load Balancer --> PublicVPC(WebServers) --> PrivateVPC(DB Servers). So answer B looks correct to me.

NZaf985

Wrong, there are only 2 VPCs in this example. Don't confuse VPCs with subnets.

viru Option: D

Gateway load balancer when inline virtual appliance load balancing

leosmal Option: D

Gateway load balancer is the answer

Ruffyit

Organizations use next-generation firewalls (NGFW) and intrusion prevention systems (IPS) as part of their defense in depth strategy. In an on-premises network, these often take the form of dedicated hardware or software or virtual “appliances.” As companies move to the cloud, they want to add virtual appliances to their AWS environments. While spinning up these appliances from the AWS Marketplace is a relatively straightforward process, architecting for high availability and scalability is not always easy. The new AWS Gateway Load Balancer (GWLB) service is designed specifically to address these architectural challenges and make deploying, scaling, and running virtual appliances easier.

Ruffyit

D. Gateway load balancer