Learn how to make traffic inspection resilient to Availability Zone maintenance with redundant instances and cross-zone load balancing capabilities of Gateway Load Balancers on AWS.
Question
A company’s application is deployed on Amazon EC2 instances in a single VPC in an AWS Region. The EC2 instances are running in two Availability Zones. The company decides to use a fleet of traffic inspection instances from AWS Marketplace to inspect traffic between the VPC and the internet. The company is performing tests before the company deploys the architecture into production.
The fleet is located in a shared inspection VPC behind a Gateway Load Balancer (GWLB). To minimize the cost of the solution, the company deployed only one inspection instance in each Availability Zone that the application uses.
During tests, a network engineer notices that traffic inspection works as expected when the network is stable. However, during maintenance of the inspection instances, the internet sessions time out for some application instances. The application instances are not able to establish new sessions.
Which combination of steps will remediate these issues? (Choose two.)
A. Deploy one inspection instance in the Availability Zones that do not have inspection instances deployed.
B. Deploy one additional inspection instance in each Availability Zone where the inspection instances are deployed.
C. Enable the cross-zone load balancing attribute for the GWLB.
D. Deploy inspection instances in an Auto Scaling group. Define a scaling policy that is based on CPU load.
E. Attach the GWLB to all Availability Zones in the Region.
Answer
B. Deploy one additional inspection instance in each Availability Zone where the inspection instances are deployed.
C. Enable the cross-zone load balancing attribute for the GWLB.
Explanation
This combination:
B – Provides redundancy within each AZ for the inspection instances
C – Allows the GWLB to load balance across zones
The other options do not fully address the problem:
A – Does not provide redundancy in the affected zones
D/E – Auto Scaling and regional scope are not relevant to zonal issues
Deploying redundant inspection capacity in each AZ and enabling cross-zone load balancing ensures that traffic can still be inspected during maintenance, because additional capacity is available in each zone and the GWLB can route to targets in alternative zones.
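The check below is an added example, not part of the original question or any AWS tooling. It models the maintenance test from the question on constructed data shaped like the `elbv2` `describe-load-balancer-attributes` and `describe-target-health` responses. It assumes that with cross-zone load balancing disabled a GWLB node sends flows only to healthy targets in its own Availability Zone; the instance IDs, zone names and the instance-to-zone map are hypothetical.

```python
from collections import defaultdict

CROSS_ZONE_KEY = "load_balancing.cross_zone.enabled"  # elbv2 load balancer attribute

def zones_losing_inspection(attributes, target_health, instance_az, down):
    """AZs whose GWLB node has no healthy target while `down` is in maintenance."""
    cross_zone = any(a["Key"] == CROSS_ZONE_KEY and a["Value"] == "true"
                     for a in attributes)
    healthy, zones = defaultdict(int), set()
    for desc in target_health:
        iid = desc["Target"]["Id"]
        az = instance_az[iid]
        zones.add(az)
        if desc["TargetHealth"]["State"] == "healthy" and iid not in down:
            healthy[az] += 1
    if cross_zone:
        # Any healthy target in any zone can receive the flow.
        return set() if sum(healthy.values()) else zones
    # Cross-zone off: each node uses only the targets in its own zone.
    return {az for az in zones if healthy[az] == 0}

def maintenance_findings(attributes, target_health, instance_az):
    """Take each instance out in turn; map instance id -> zones left uninspected."""
    findings = {}
    for iid in instance_az:
        lost = zones_losing_inspection(attributes, target_health, instance_az, {iid})
        if lost:
            findings[iid] = sorted(lost)
    return findings

def fleet(per_zone, cross_zone):
    """Build constructed sample data shaped like the elbv2 API responses."""
    instance_az = {f"i-{z[-1]}{n}": z for z in ("us-east-1a", "us-east-1b")
                   for n in range(1, per_zone + 1)}
    attrs = [{"Key": CROSS_ZONE_KEY, "Value": "true" if cross_zone else "false"}]
    health = [{"Target": {"Id": i}, "TargetHealth": {"State": "healthy"}}
              for i in instance_az]
    return attrs, health, instance_az

AS_TESTED = fleet(per_zone=1, cross_zone=False)   # the design in the question
REMEDIATED = fleet(per_zone=2, cross_zone=True)   # answers B and C applied

if __name__ == "__main__":
    print("as tested: ", maintenance_findings(*AS_TESTED))
    print("remediated:", maintenance_findings(*REMEDIATED))
```

Against a real deployment, the three inputs would come from the two `elbv2` calls named above plus the instances' placement data.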
This practice question and answer, with a detailed explanation, is for the AWS Certified Advanced Networking – Specialty (ANS-C01) certification exam.