Basic Concept: Resilient VM-Series architectures on AWS normally combine multiple firewall instances, Auto Scaling, and Gateway Load Balancer for horizontal scale and AZ resilience.
Why C is Correct: An EC2 Auto Scaling group with VM-Series firewalls behind an AWS Gateway Load Balancer supports both multi-AZ availability and elastic scale.
Why A is Wrong: An AWS Lambda function that monitors the firewall's health and re-routes traffic using the AWS API is a cloud deployment or routing approach, but it does not match the required managed insertion model, resilience pattern, or Panorama-controlled policy design in this scenario.
Why B is Wrong: A PAN-OS active/active high availability (HA) pair with an AWS Transit Gateway is a cloud deployment or routing approach, but it does not match the required managed insertion model, resilience pattern, or Panorama-controlled policy design in this scenario.
Why D is Wrong: A single VM-Series firewall with an Elastic IP address that can be re-associated upon failure is a cloud deployment or routing approach, but it does not match the required managed insertion model, resilience pattern, or Panorama-controlled policy design in this scenario.