🔥 3-day streak
AWS Certified Security - Specialty94 / 157
Question 94 of 157
A company runs hundreds of EC2 instances across multiple private subnets in a single VPC. Security policy requires that outbound HTTPS traffic to the internet be allowed ONLY to an approved list of fully qualified domain names (for example, updates.vendor.com and api.partner.com), and all other outbound traffic must be denied and logged. The solution must be centrally managed, scale with the fleet, and inspect traffic at the application layer without deploying agents on the instances. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question