The Security Engineer is managing a web application that processes highly sensitive personal information. The application runs on Amazon EC2. The application has strict compliance requirements, which instruct that all incoming traffic to the application is protected from common web exploits and that all outgoing traffic from the EC2 instances is restricted to specific whitelisted URLs. Which architecture should the Security Engineer use to meet these requirements?
A) Use AWS Shield to scan inbound traffic for web exploits. Use VPC Flow Logs and AWS Lambda to restrict egress traffic to specific whitelisted URLs.
B) Use AWS Shield to scan inbound traffic for web exploits. Use a third-party AWS Marketplace solution to restrict egress traffic to specific whitelisted URLs.
C) Use AWS WAF to scan inbound traffic for web exploits. Use VPC Flow Logs and AWS Lambda to restrict egress traffic to specific whitelisted URLs.
D) Use AWS WAF to scan inbound traffic for web exploits. Use a third-party AWS Marketplace solution to restrict egress traffic to specific whitelisted URLs.
Correct Answer:
Verified
Q131: What are the MOST secure ways to
Q132: The Security Engineer for a mobile game
Q133: A Security Engineer discovered a vulnerability in
Q134: An Amazon EC2 instance is part of
Q135: A Security Engineer is looking for a
Q137: A company has multiple production AWS accounts.
Q138: Compliance requirements state that all communications between
Q139: The Security Engineer is given the following
Q140: A company maintains sensitive data in an
Q141: A company manages three separate AWS accounts
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents