🔥 3-day streak
AWS Certified Security - Specialty130 / 157
Question 130 of 157

A company runs a fleet of EC2 instances in a private subnet that must only initiate outbound HTTPS connections to a specific partner's API at the IP range 203.0.113.0/24. A security review reveals the instances' security group currently allows all outbound traffic (0.0.0.0/0 on all ports). The security engineer must enforce least-privilege egress while ensuring return traffic from the partner API is still permitted. Which change satisfies these requirements with the least operational overhead?

Reviewed for accuracy · Report an issueNext question