Multiple Choice
You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet. Which of the following options would you consider?
A) Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.
B) Implement security groups and configure outbound rules to only permit traffic to software depots.
C) Move all your instances into private VPC subnets remove default routes from all routing tables and add specific routes to the software depots and distributions only.
D) Implement network access control lists to all specific destinations, with an Implicit deny all rule.
Correct Answer:
Verified
Correct Answer:
Verified
Q727: A company's factory and automation applications are
Q728: A company runs an IoT platform on
Q729: A company needs to move its on-premises
Q730: A company has a requirement that only
Q731: A user is using CloudFormation to launch
Q733: An organization is undergoing a security audit.
Q734: An on-premises application will be migrated to
Q735: Your system recently experienced down time during
Q736: A large company in Europe plans to
Q737: In an AWS CloudFormation template, each resource