ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 14 · Domain 1.2: Secure Workloads
A company wants to inspect all outbound traffic from its VPC to the internet. The security team requires deep packet inspection, stateful domain name filtering, and intrusion prevention system (IPS) capabilities.<br/><br/>Which AWS service should be implemented?
A company wants to inspect all outbound traffic from its VPC to the internet. The security team requires deep packet inspection, stateful domain name filtering, and intrusion prevention system (IPS) capabilities.<br/><br/>Which AWS service should be implemented?
Answer options:
A.
AWS WAF
B.
NAT Gateway
C.
AWS Network Firewall
D.
VPC Flow Logs
How to approach this question
Identify the service that provides IPS and deep packet inspection for VPC traffic.
Full Answer
C.AWS Network Firewall✓ Correct
AWS Network Firewall provides fine-grained control over network traffic. It includes a flexible rules engine that lets you define firewall rules that give you fine-grained control over network traffic, including stateful domain filtering and IPS.
Common mistakes
Confusing AWS WAF (Layer 7 web traffic) with Network Firewall (Layer 3-7 VPC traffic).
Practice the full AWS SAA-C03 Practice Exam 6
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02A company has two AWS accounts: Account A for development and Account B for production. Developer...MediumQ03A mobile application needs to authenticate users using their social media accounts (Facebook, Goo...EasyQ04A company is running an application on Amazon EC2 instances. The application needs to connect to ...MediumQ05A company has 50 AWS accounts managed by AWS Organizations. The IT team wants to implement a cent...Easy