AWS SAP-C02 · Question 12 · Domain 3.2: Security Improvement
A security audit reveals that several Amazon EC2 instances in a VPC have unrestricted outbound internet access. The security team requires that all outbound traffic be inspected and that access to known malicious domains be blocked. The solution must be highly available and scale automatically. Which combination of steps should the architect take? (Select TWO)
Answer options:
Deploy AWS Network Firewall in a dedicated inspection VPC.
Configure Security Groups on all EC2 instances to block outbound traffic to malicious IP addresses.
Deploy a fleet of open-source proxy servers on EC2 instances in an Auto Scaling group.
Route all outbound traffic from the application VPCs through a Transit Gateway to the inspection VPC.
Enable AWS WAF on the EC2 instances to filter outbound requests.
Use Amazon Macie to detect malicious outbound network patterns.