🔥 3-day streak
AWS Certified Solutions Architect - Professional109 / 186
Question 109 of 186

A financial services company runs 40 workload accounts under AWS Organizations, all connected through a central networking account using AWS Transit Gateway. The security team requires that all outbound DNS queries from every VPC be filtered against a managed blocklist of malicious domains, and that this filtering be enforced centrally without requiring each workload team to configure anything in their own accounts. The solution must allow the security team to update the blocklist in one place and have it apply everywhere. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question