Which two statements apply to the management Cloud NGFW by AWS firewall manager? (Choose two.)
Which two statements apply to the management Cloud NGFW by AWS firewall manager? (Choose two.)
When managing Cloud NGFW with AWS Firewall Manager, firewall policies can be included only with specified accounts and organizational units (OUs). Additionally, endpoints are created via the firewall manager as part of the deployment process.
Answer BD: https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/deploy-cloud-ngfw-for-aws-with-the-aws-firewall-manager
B & C are wrong: "You can choose to Include all accounts under my AWS organization, Include on the specified accounts and organizational units, or Exclude specific accounts and organizational units, and include all others." During endpoint creation, you can select availability zones: "Cloud NGFW creates endpoints in your availabilty zones that need to be secured. These NGFW endpoints intercept and redirect traffic to Cloud NGFW for inspection and enforcement. The number and location of NGFW endpoints differs based on your deployment mode—distributed or centralized. You select the NGFW endpoint locations by choosing availability zone names or availability zone IDs. Keep in mind that availability zone names can differ between AWS accounts but availability zone IDs are consistent across all AWS accounts." [https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/deploy-cloud-ngfw-for-aws-with-the-aws-firewall-manager]