🔥 3-day streak
AWS Certified Security - Specialty130 / 184
Question 130 of 184

A company runs a fleet of EC2 instances across several private subnets in a VPC. The security team discovers that a compromised host attempted to exfiltrate data by resolving and connecting to a series of dynamically generated command-and-control (C2) domains. The team wants a managed AWS control that inspects outbound DNS queries at the VPC level and blocks queries to known-malicious and custom-defined domains, without deploying agents on each instance. Which solution best meets this requirement?

Reviewed for accuracy · Report an issueNext question