🔥 3-day streak
AWS Certified Security - Specialty178 / 184
Question 178 of 184

A company runs a fleet of EC2 application servers in a private subnet of a VPC. The servers must download OS security patches and application updates from vendor repositories on the public internet, but the security team requires that no unsolicited inbound connection from the internet can ever reach these instances. The VPC currently has only public subnets with an internet gateway. Which change best meets these requirements?

Reviewed for accuracy · Report an issueNext question