🔥 3-day streak
AWS Certified Security - Specialty105 / 157
Question 105 of 157

A financial services company runs an internal fraud-scoring API on an Amazon EC2 fleet behind a Network Load Balancer in a provider VPC. They expose it to multiple consumer VPCs (belonging to different internal business units) through an AWS PrivateLink endpoint service. The security team requires that only specific approved consumer applications can send traffic to the service, and that the provider must enforce which source addresses within a consumer VPC can reach the endpoint at the network layer. Which approach correctly enforces this control on the traffic entering the interface endpoint from consumers?

Reviewed for accuracy · Report an issueNext question