
Answer-first summary for fast verification
Answer: By updating the private subnet's route table to an AWS Network Firewall and setting domain list rule groups.
The correct answer is A. Updating the private subnet's route table to an AWS Network Firewall and configuring domain list rule groups effectively restricts internet traffic to only approved third-party software repositories. AWS Network Firewall can be used to filter traffic based on domain names, which aligns perfectly with the requirement to allow traffic only to specific URLs. Options B, C, and D either do not provide the necessary URL-based filtering at the required granularity or do not involve the appropriate network routing mechanisms to meet the outlined security requirements.
Author: LeetQuiz Editorial Team
How can a solutions architect secure a VPC hosting EC2 instances with sensitive data, ensuring they can only access approved third-party software repositories on the internet?
A. By updating the private subnet's route table to an AWS Network Firewall and setting domain list rule groups.
B. By setting up an AWS WAF web ACL with custom rules based on IP address ranges.
C. By applying strict inbound security group rules and configuring outbound rules for authorized URLs.
D. By using an Application Load Balancer with a URL-based rule listener for EC2 instances' outbound internet access.