You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CONs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet. Which of the following options would you consider?
A. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.
B. Implement security groups and configure outbound rules to only permit traffic to software depots.
C. Move all your instances into private VPC subnets remove default routes from all routing tables and add
specific routes to the software depots and distributions only.
D. Implement network access control lists to all specific destinations, with an Implicit deny as a rule.
Answer: A. Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.
You might also like to view...
The ScriptManager control _________.
a) is the key control in Ajax apps b) is placed before the controls it affects c) cannot be put on a page with another ScriptManager d) Both (a) and (b). e) All of the above.
A Solver constraint that is binding is one that limits the final solution in some way.
Answer the following statement true (T) or false (F)
The Internet "talks" only ____, so users must use software that supports this protocol.?
A. ?IPX/SPX B. ?DSL C. ?TCP/IP D. ?FTP
Answer the following statements true (T) or false (F)
1. Symmetric encryption is used primarily to provide confidentiality. 2. Two of the most important applications of public-key encryption are digital signatures and key management. 3. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. 4. The secret key is input to the encryption algorithm. 5. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.