🔥 3-day streak
AWS Certified Security - Specialty122 / 184
Question 122 of 184

A financial services company runs a fleet of EC2 instances in private subnets that must reach only a small, approved set of external SaaS endpoints (identified by domain name) over HTTPS. Traffic to any other external destination must be blocked and logged. The instances have no public IPs and route outbound traffic through a NAT gateway. Security groups and NACLs currently allow all outbound traffic on port 443. Which solution best enforces domain-based egress filtering with centralized inspection and logging?

Reviewed for accuracy · Report an issueNext question