AWS Certified SysOps Administrator SOA-C01 – Question812

Security has identified an IP address that should be explicitly denied for both ingress and egress requests for all services in an Amazon VPC immediately.
Which feature can be used to meet this requirement?

A.
Host-based firewalls
B. NAT Gateway
C. Network access control lists
D. Security Groups