
Answer-first summary for fast verification
Answer: Delegate AWS Firewall Manager to a security account. Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
Option A is correct because delegating AWS Firewall Manager to a security account is a prerequisite for managing and enforcing DNS Firewall rules organization-wide. AWS Firewall Manager simplifies management and provisioning of AWS WAF rules. Option C is correct because creating an AWS Firewall Manager policy allows attachment of AWS WAF web ACLs to any newly created ALBs and API Gateway APIs, ensuring future compliance. GuardDuty (B and D) detects and reports threats but does not directly enforce WAF policies. AWS Config (E) monitors compliance but does not enforce policies automatically.
Author: LeetQuiz Editorial Team
A company's security team mandates that all external Application Load Balancers (ALBs) and Amazon API Gateway APIs must be associated with AWS WAF web ACLs. The company manages hundreds of AWS accounts within a single AWS Organizations setup and has implemented AWS Config across the organization. During a recent audit, the company identified some external ALBs that lack AWS WAF web ACL associations. What actions should a DevOps engineer implement to ensure compliance with the security requirement for future ALB and API Gateway deployments?
A. Delegate AWS Firewall Manager to a security account.
B. Delegate Amazon GuardDuty to a security account.
C. Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
D. Create an Amazon GuardDuty policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
E. Configure an AWS Config managed rule to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.