
Exam AWS-SysOps topic 1 question 477 discussion

Exam question from Amazon's AWS-SysOps
Question #: 477
Topic #: 1

You have been asked to design a layered security solution for protecting your organization's network infrastructure. You research several options and decide to deploy a network-level security control appliance, inline, where traffic is intercepted and analyzed prior to being forwarded to its final destination, such as an application server. Which of the following is NOT considered an inline threat protection technology?

  • A. Intrusion prevention systems
  • B. Third-party firewall devices installed on Amazon EC2 instances
  • C. Data loss management gateways
  • D. Augmented security groups with Network ACLs
Suggested Answer: D
Many organizations consider layered security to be a best practice for protecting network infrastructure. In the cloud, you can use a combination of Amazon VPC, implicit firewall rules at the hypervisor layer, alongside network access control lists, security groups, host-based firewalls, and IDS/IPS systems to create a layered solution for network security. While security groups, NACLs and host-based firewalls meet the needs of many customers, if you're looking for defense in depth, you should deploy a network-level security control appliance, and you should do so inline, where traffic is intercepted and analyzed prior to being forwarded to its final destination, such as an application server.
Examples of inline threat protection technologies include the following:
  • Third-party firewall devices installed on Amazon EC2 instances (also known as soft blades)
  • Unified threat management (UTM) gateways
  • Intrusion prevention systems
  • Data loss management gateways
  • Anomaly detection gateways
  • Advanced persistent threat detection gateways
Reference:
https://d0.awsstatic.com/whitepapers/aws-security-best-practices.pdf
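
The difference between the correct answer and the other options can be modelled in a few lines. The sketch below is an added example, not code from the AWS whitepaper: a header-only filter in the style of a network ACL next to an inline gateway that also inspects the payload before forwarding. All names, rules and packets are constructed for illustration, and the gateway is assumed to see cleartext payloads.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes

@dataclass(frozen=True)
class AclRule:
    number: int   # evaluated lowest number first
    proto: str    # "tcp", "udp" or "all"
    cidr: str
    ports: range
    allow: bool

def nacl_allows(rules, pkt):
    """Header-only filter: first matching rule wins, no match means deny."""
    src = ipaddress.ip_address(pkt.src)
    for r in sorted(rules, key=lambda r: r.number):
        if (r.proto in ("all", pkt.proto) and pkt.dst_port in r.ports
                and src in ipaddress.ip_network(r.cidr)):
            return r.allow
    return False

# Constructed DLP signature: 16 digits in groups of four, confirmed with Luhn.
CARD_RE = re.compile(rb"\b(?:\d{4}[ -]?){3}\d{4}\b")

def luhn_ok(digits: bytes) -> bool:
    total = 0
    for i, byte in enumerate(reversed(digits)):
        n = byte - 48                      # ASCII digit to int
        if i % 2 == 1:                     # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def inline_verdict(rules, pkt):
    """Inline gateway: same header filter, then payload inspection before forwarding."""
    if not nacl_allows(rules, pkt):
        return "drop:acl"
    for m in CARD_RE.finditer(pkt.payload):
        if luhn_ok(re.sub(rb"\D", b"", m.group())):
            return "drop:dlp"
    return "forward"

# Constructed rules and traffic (documentation address ranges).
RULES = [AclRule(90, "all", "203.0.113.0/24", range(0, 65536), False),
         AclRule(100, "tcp", "0.0.0.0/0", range(80, 81), True)]
LEAK = Packet("198.51.100.10", 80, "tcp", b"POST /x card=4111 1111 1111 1111")
ORDER = Packet("198.51.100.10", 80, "tcp", b"POST /x order=1234 5678 9012 3456")
```

`nacl_allows(RULES, LEAK)` permits the packet because only its source, protocol and port are examined; `inline_verdict(RULES, LEAK)` drops it because the payload is inspected first.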

Comments

mvsnogueira
Highly Voted 2 years, 6 months ago
D AWS_Security_Best_Practices.pdf Page 65 Examples of inline threat protection technologies include the following: • Third-party firewall devices installed on Amazon EC2 instances (also known as soft blades) • Unified threat management (UTM) gateways • Intrusion prevention systems • Data loss management gateways • Anomaly detection gateways • Advanced persistent threat detection gateways
upvoted 8 times
albert_kuo
Most Recent 10 months, 1 week ago
Selected Answer: D
Augmented security groups with Network ACLs are not considered inline threat protection technologies. They are network-level security measures provided by AWS to control inbound and outbound traffic at the subnet and instance level. They operate at the network layer and provide basic allow/deny rules based on IP addresses, ports, and protocols. However, they do not intercept and analyze traffic before forwarding it to its final destination. They are not inline appliances or technologies that actively inspect and protect against threats.
upvoted 1 times