🔥 3-day streak
AWS Certified Advanced Networking - Specialty51 / 141
Question 51 of 141
A financial services company runs a centralized inspection VPC with AWS Network Firewall for all outbound internet traffic from workloads across multiple accounts via a Transit Gateway. The security team must ensure that all data leaving the environment toward on-premises data centers over the Site-to-Site VPN is encrypted in transit, and that any workload attempting to establish an unencrypted (plaintext) connection to an external partner API endpoint is blocked. Traffic to the partner endpoint uses HTTPS on port 443, but the team suspects some legacy applications fall back to HTTP on port 80. Which approach BEST enforces encryption-in-transit requirements for the outbound partner traffic while minimizing operational overhead?
Reviewed for accuracy · Report an issueNext question