AWS Certified Advanced Networking Specialty Practice Exam 2025 – Complete Study Resource

Question: 1 / 400

What solution should be implemented to protect against DNS exfiltration while ensuring high availability for an Amazon EC2 application behind an Application Load Balancer?

Implement a NAT gateway

Use Amazon Route 53 Resolver DNS Firewall

Amazon Route 53 Resolver DNS Firewall is an effective solution for protecting against DNS exfiltration while ensuring high availability for an EC2 application behind an Application Load Balancer. The service lets you create DNS filtering rules that allow or block DNS queries based on domain name or IP address. By intercepting and filtering DNS requests, you can prevent unauthorized DNS requests from reaching potentially malicious external servers, which could otherwise be used for data exfiltration.

Route 53 Resolver DNS Firewall integrates with your existing AWS infrastructure and is designed specifically to strengthen the security of DNS queries. Your application continues operating as intended, maintaining high availability, while gaining protection against potential data leaks via DNS.

In contrast, while a NAT gateway could facilitate connectivity for resources requiring internet access, it doesn’t specifically address DNS queries or exfiltration, which is the primary concern here. Enabling security groups in the VPC is a basic step in securing instances but would not specifically mitigate DNS exfiltration attacks either. AWS Shield provides DDoS protection that is critical for ensuring availability but does not offer any specialized capabilities for protecting against DNS-related threats. Therefore, Route 53 Resolver DNS Firewall is clearly the most appropriate solution in this context.


Enable security groups in the VPC

Utilize AWS Shield
