🔥 3-day streak
AWS Certified Security - Specialty97 / 157
Question 97 of 157

A financial services company routes all outbound VPC traffic through AWS Network Firewall. The security team must inspect the payload of outbound HTTPS connections to detect data exfiltration hidden inside encrypted sessions, while allowing employees to reach approved SaaS providers. Currently, Network Firewall can only match on the SNI of the TLS handshake and cannot see inside the encrypted traffic. Which approach lets the firewall inspect the decrypted application-layer content at scale without deploying third-party proxy appliances?

Reviewed for accuracy · Report an issueNext question