ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 17 · Domain 1.2: Secure Workloads
A company needs to inspect all outbound traffic from their VPC to the internet. They want to implement stateful domain name (FQDN) filtering to ensure instances can only access approved external APIs. Which service provides this capability?
A company needs to inspect all outbound traffic from their VPC to the internet. They want to implement stateful domain name (FQDN) filtering to ensure instances can only access approved external APIs. Which service provides this capability?
Answer options:
A.
NAT Gateway
B.
Security Groups
C.
AWS Network Firewall
D.
AWS WAF
How to approach this question
Identify the need for outbound FQDN filtering. Network Firewall is the managed service for this.
Full Answer
C.AWS Network Firewall✓ Correct
AWS Network Firewall
AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your VPCs, including stateful inspection and domain name (FQDN) filtering for outbound traffic.
Common mistakes
Thinking Security Groups can filter by domain name.
Practice the full AWS SAA-C03 Practice Exam 3
65 questions · hints · full answers · grading
More questions from this exam
Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...EasyQ02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...MediumQ03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...EasyQ04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...MediumQ05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium