You are designing a data leak prevention solution for your VPC environment. You want your VPC instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third-party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the Internet. Which of the following options would you consider?
A) Configure a web proxy server in your VPC and enforce URL-based rules for outbound access. Remove default routes.
B) Implement security groups and configure outbound rules to only permit traffic to software depots.
C) Move all your instances into private VPC subnets, remove default routes from all routing tables, and add specific routes to the software depots and distributions only.
D) Implement network access control lists to all specific destinations, with an implicit deny-all rule.
Correct Answer: