Exam AWS Certified Cloud Practitioner topic 1 question 409 discussion

D. AWS Network Firewall AWS Network Firewall is a service that allows a company to create and manage a set of firewall rules that can be used to control network traffic. AWS Network Firewall allows customers to filter traffic to and from Amazon WorkSpaces instances based on the source and destination IP address, ports, and protocols. A. AWS Shield Advanced: AWS Shield Advanced is a service that provides DDoS protection for your applications, it is not related to web filtering. B. Amazon Route 53: Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service, it is not related to web filtering. C. Amazon GuardDuty: Amazon GuardDuty is a threat detection service that uses machine learning to identify potentially malicious activity in your AWS accounts, it is not related to web filtering.

D. AWS Network Firewall https://aws.amazon.com/network-firewall/faqs/ "Network Firewall’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic, such as blocking outbound Server Message Block (SMB) requests to prevent the spread of malicious activity. "

ALOOOOOOOU ADM

To prevent employees from visiting specific malicious websites from their Amazon Workspaces, the company should use AWS Network Firewall (D). AWS Network Firewall is a managed firewall service that allows customers to filter traffic to and from their VPCs. Customers can create firewall rules based on IP addresses, domains, or other criteria. By setting up rules to block traffic to known malicious websites, the company can prevent its remote employees from accessing these websites from their Amazon Workspaces.

The AWS service that can help prevent employees from accessing specific websites on their Amazon Workspaces virtual desktops is AWS Network Firewall. AWS Network Firewall is a managed network firewall service that makes it easy to deploy essential network protections for all of your Amazon VPCs. With AWS Network Firewall, you can filter traffic at the perimeter of your VPC. You can set up rules to block traffic from certain IP addresses or domains, which can help prevent employees from accessing specific websites that are known to be malicious. AWS Shield Advanced is a DDoS protection service. Amazon Route 53 is a DNS service. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in your AWS accounts and workloads. While these services can contribute to overall security, they may not directly address the requirement to prevent employees from accessing specific websites on their Amazon Workspaces virtual desktops.

D. AWS Network Firewall. AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (Amazon VPCs). It provides granular control over the network traffic flowing to and from your resources, including the ability to block specific websites or domains.

D is the answer.

D. AWS Network Firewall AWS Network Firewall is an AWS service that provides protection against malicious traffic and threats by allowing users to define and enforce rules that control inbound and outbound traffic to their applications and resources.

correct one is D

correct one is D

answer D

should be D https://aws.amazon.com/blogs/desktop-and-application-streaming/filtering-internet-traffic-from-amazon-workspaces/ AWS Network Firewall extends protection beyond SG- and NACL-levels by protecting at the route level and offering stateless and stateful rules from layers 3 through 7 in the OSI Model. It uses the certificate fully qualified domain name (FQDN) or Server Name Indication (SNI) to determine if a website is allowed for HTTPS traffic. This is a commonly requested security requirement. Reviewing these design examples of AWS Network Firewall will accelerate your migration to Amazon WorkSpaces. AWS Network Firewall is a managed service, with no infrastructure to manage or patch you can simplify operational excellence. Native settings for advanced filtering (including domain name), and network traffic inspection can alert and block traffic related to malware. It also has layer 7 intrusion prevent system (IPS) rules, and the ability to apply TLS fingerprinting to prevent a spoofed IP or FQDN.