🔥 3-day streak
AWS Certified Advanced Networking - Specialty50 / 141
Question 50 of 141

A financial services company routes all outbound internet traffic from its VPCs through a centralized inspection VPC that uses AWS Network Firewall. Compliance requires that the firewall block access to any HTTPS destination outside an approved list of fully qualified domain names (FQDNs). Currently the firewall's stateful rules match on the TLS Server Name Indication (SNI), but security auditors report that some clients bypass the controls by sending a benign SNI while connecting to a disallowed domain. Which change most directly closes this gap while keeping the approved-domain allow-list model?

Reviewed for accuracy · Report an issueNext question