SCS-C03
Infrastructure Security
medium
Question 6 of 36

A company wants an analysis that flags paths from an internet gateway to network interfaces, except for approved web servers that are a legitimate exception. How should the Network Access Scope be modeled?

AList approved servers only in MatchPaths
BUse MatchPaths for the broad internet-to-interface requirement and ExcludePaths for the approved web servers
CUse ExcludePaths only, because MatchPaths is optional
DUse AWS Config rules instead of Network Access Analyzer scopes

More Infrastructure Security Questions

36 questions

Full AWS Certified Security - Specialty Practice Test

All topics covered

All AWS Certified Security - Specialty Questions

Browse by topic

Related Questions

Which statement about AWS Shield Standard is correct?...

easy

A company wants to attach AWS WAF protection directly to a supported application entry point. Which ...

easy

A security engineer creates an AWS WAF web ACL that matches requests from untrusted IP addresses. Ho...

medium

A company must identify unintended network access paths relative to its security requirements and de...

medium

A company wants to remove its VPN requirement for access to internal web applications and evaluate e...

medium
View all Infrastructure Security questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account