🔥 3-day streak
AWS Certified Advanced Networking - Specialty43 / 141
Question 43 of 141

A financial services company operates a multi-account AWS Organization with a centralized inspection VPC that hosts AWS Network Firewall. The security governance team must guarantee that every stateful rule group deployed across all firewall policies in every member account enforces a mandatory drop rule for known malicious domains, and they must be automatically alerted whenever a firewall policy is created or modified in a way that removes this baseline protection. The team wants a scalable, organization-wide approach that centralizes rule management while continuously auditing compliance. Which combination BEST meets these requirements?

Reviewed for accuracy · Report an issueNext question