🔥 3-day streak
AWS Certified Advanced Networking - Specialty42 / 141
Question 42 of 141

A financial services company runs a centralized inspection VPC using AWS Network Firewall to inspect all egress traffic from workload VPCs attached to a Transit Gateway. Auditors require that the security team be able to prove, on demand, exactly which domains each workload attempted to reach over the past 90 days, including connections that were ultimately blocked, without dropping any legitimate traffic during the initial rollout. The security team wants to introduce a new set of stateful rules but is concerned about accidentally blocking business-critical traffic before the rules are validated. Which approach best satisfies both the audit-evidence and safe-rollout requirements?

Reviewed for accuracy · Report an issueNext question