AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Explanation:

Explanation

Among the given options, AWS Network Firewall is the most appropriate choice for this requirement because:

AWS Network Firewall is a stateful firewall service that can filter traffic at the network level, including blocking access to specific websites based on domain names or IP addresses
It can be configured with custom rules to deny outbound traffic to known malicious websites
It operates at the VPC level, which can protect Amazon WorkSpaces instances running within the VPC

Why the other options are not suitable:

AWS Shield Advanced: This is a DDoS protection service that protects against distributed denial-of-service attacks, not for blocking specific websites
Amazon Route 53: This is a DNS service for domain name resolution, not for website blocking
Amazon GuardDuty: This is a threat detection service that monitors for suspicious activity and potential threats, but it doesn't actively block access to websites

Important Note:

While AWS Network Firewall can help with network-level blocking, it's worth noting that for comprehensive endpoint web filtering on virtual desktops like Amazon WorkSpaces, companies often use:

Third-party endpoint security solutions
Cloud-based web filtering services (like Zscaler, Cisco Umbrella)
DNS filtering services
Browser security extensions

However, among the AWS-native options provided, AWS Network Firewall is the most relevant for this network-level filtering requirement.

Explanation:

Explanation

Among the given options, AWS Network Firewall is the most appropriate choice for this requirement because:

AWS Network Firewall is a stateful firewall service that can filter traffic at the network level, including blocking access to specific websites based on domain names or IP addresses
It can be configured with custom rules to deny outbound traffic to known malicious websites
It operates at the VPC level, which can protect Amazon WorkSpaces instances running within the VPC

Why the other options are not suitable:

AWS Shield Advanced: This is a DDoS protection service that protects against distributed denial-of-service attacks, not for blocking specific websites
Amazon Route 53: This is a DNS service for domain name resolution, not for website blocking
Amazon GuardDuty: This is a threat detection service that monitors for suspicious activity and potential threats, but it doesn't actively block access to websites

Important Note:

While AWS Network Firewall can help with network-level blocking, it's worth noting that for comprehensive endpoint web filtering on virtual desktops like Amazon WorkSpaces, companies often use:

Third-party endpoint security solutions
Cloud-based web filtering services (like Zscaler, Cisco Umbrella)
DNS filtering services
Browser security extensions

However, among the AWS-native options provided, AWS Network Firewall is the most relevant for this network-level filtering requirement.

Comments (0)

No comments yet.

A company provides Amazon WorkSpaces to its remote employees. The company wants to prevent employees from using their virtual desktops to visit specific websites that are known to be malicious. Which AWS service should the company use to meet this requirement?

Real Exam

Community

RRitesh

AWS Shield Advanced

16.7%

Amazon Route 53

0.0%

Amazon GuardDuty

16.7%

AWS Network Firewall

66.7%