
AWS Certified Security - Specialty
A company has implemented AWS WAF to safeguard a public API service hosted on Amazon EC2 instances, which is fronted by an Application Load Balancer. The AWS WAF web ACL is set up with an AWS Managed Rules rule group. Following a software update to both the API and the client application, certain request types have ceased functioning, leading to application instability. A security engineer identifies that AWS WAF logging was not activated for the web ACL. The engineer must promptly restore the application's functionality, address the issue causing the blockage, and guarantee that logging cannot be disabled in the future. The engineer activates logging for the web ACL and designates Amazon CloudWatch Logs as the logging destination. What series of actions should the security engineer undertake to fulfill these objectives?
Explanation:
The correct answer is B. Two things have to happen. First, restore the application without losing visibility: change the managed rule group's override action in the web ACL to Count, so every rule in the group is still evaluated and recorded in the logs but none of them blocks. With logging now flowing to CloudWatch Logs, read the records for the failing request types. A request that was blocked by the group shows the responsible rule under ruleGroupList with a terminatingRule whose action is BLOCK; once the group is in Count mode the same rule shows up under nonTerminatingMatchingRules with action COUNT while the web ACL's default action allows the request. That identifies the rule (and the request shape) behind the blockage. The targeted fix is then a rule action override that sets only that rule to Count, or a change to the client or the API so the request no longer matches, after which the rest of the group returns to its normal actions instead of staying in Count indefinitely.

Second, make the logging configuration non-removable. That is an IAM control, not a WAF resource policy: AWS WAF resource policies (PutPermissionPolicy) exist only to share rule groups across accounts and cannot protect a web ACL's logging configuration. An explicit Deny on wafv2:DeleteLoggingConfiguration, applied as a service control policy or in the administrators' IAM policies, prevents anyone in the account, administrators included, from removing logging from the web ACL. Because the destination is CloudWatch Logs, the same deny should cover deleting the aws-waf-logs- log group that receives the records, since deleting the destination would stop delivery just as effectively.
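The procedure above, as an added example that is not part of the question page or of any AWS sample: a short Python triage that reads WAF log records of the kind CloudWatch Logs receives, reports which managed rule blocked (or, in Count mode, would have blocked) which URIs, and builds the two configuration fragments the fix needs, the web ACL rule entry with a rule action override and the IAM/SCP deny. The log records, the web ACL ARN, the log group name and the rule name SizeRestrictions_BODY are constructed for the example; the field layout follows the AWS WAF log schema and the wafv2 UpdateWebACL request shape, but nothing here was taken from the scenario in the question.

```python
"""Triage AWS WAF logs for the rule that broke the API, then build the
rule action override and the IAM deny that the fix needs.

Added example. The log records, ARNs and rule name below are constructed
for illustration; only the field layout follows AWS WAF's log schema.
"""
import json
from collections import Counter, defaultdict

WEB_ACL_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/api-acl/EXAMPLE"
# WAF only delivers to CloudWatch log groups whose name starts with aws-waf-logs-.
LOG_GROUP_ARN = "arn:aws:logs:us-east-1:123456789012:log-group:aws-waf-logs-api:*"
GROUP_ID = "AWS#AWSManagedRulesCommonRuleSet"   # managed groups log as VENDOR#Name

# Constructed log records (one JSON object per line, as written to CloudWatch).
SAMPLE_LOGS = [
    # 1: before the override, the managed group terminated the request with BLOCK.
    json.dumps({
        "timestamp": 1700000000000, "formatVersion": 1, "webaclId": WEB_ACL_ARN,
        "action": "BLOCK",
        "terminatingRuleId": "AWS-AWSManagedRulesCommonRuleSet",
        "terminatingRuleType": "MANAGED_RULE_GROUP",
        "ruleGroupList": [{
            "ruleGroupId": GROUP_ID,
            "terminatingRule": {"ruleId": "SizeRestrictions_BODY", "action": "BLOCK"},
            "nonTerminatingMatchingRules": [],
        }],
        "nonTerminatingMatchingRules": [],
        "httpRequest": {"clientIp": "203.0.113.10", "httpMethod": "POST", "uri": "/v2/upload"},
    }),
    # 2: after the group was set to Count, the same rule only counts and the
    #    web ACL default action (allow) decides.
    json.dumps({
        "timestamp": 1700000060000, "formatVersion": 1, "webaclId": WEB_ACL_ARN,
        "action": "ALLOW",
        "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR",
        "ruleGroupList": [{
            "ruleGroupId": GROUP_ID,
            "terminatingRule": None,
            "nonTerminatingMatchingRules": [
                {"ruleId": "SizeRestrictions_BODY", "action": "COUNT"}],
        }],
        "nonTerminatingMatchingRules": [],
        "httpRequest": {"clientIp": "203.0.113.11", "httpMethod": "POST", "uri": "/v2/upload"},
    }),
    # 3: an ordinary request that matched nothing; must not be reported.
    json.dumps({
        "timestamp": 1700000120000, "formatVersion": 1, "webaclId": WEB_ACL_ARN,
        "action": "ALLOW",
        "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR",
        "ruleGroupList": [{"ruleGroupId": GROUP_ID, "terminatingRule": None,
                           "nonTerminatingMatchingRules": []}],
        "nonTerminatingMatchingRules": [],
        "httpRequest": {"clientIp": "203.0.113.12", "httpMethod": "GET", "uri": "/v2/status"},
    }),
]


def offending_rules(log_lines):
    """Map (rule_group_id, rule_id) -> Counter of URIs for every rule that
    blocked a request, or that matched in Count mode (i.e. would have blocked
    had the group not been overridden). Rules that matched nothing are skipped."""
    hits = defaultdict(Counter)
    for line in log_lines:
        rec = json.loads(line)
        uri = rec["httpRequest"]["uri"]
        for group in rec.get("ruleGroupList") or []:
            term = group.get("terminatingRule")
            if term and term.get("action") == "BLOCK":
                hits[(group["ruleGroupId"], term["ruleId"])][uri] += 1
            for rule in group.get("nonTerminatingMatchingRules") or []:
                if rule.get("action") == "COUNT":
                    hits[(group["ruleGroupId"], rule["ruleId"])][uri] += 1
    return hits


def count_override_rule(vendor, group_name, rule_ids, priority=0):
    """Web ACL Rules[] entry for wafv2 UpdateWebACL: the managed group keeps
    its normal actions (OverrideAction None) and only the named rules are set
    to Count, instead of leaving the whole group in Count."""
    return {
        "Name": f"{vendor}-{group_name}",
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": vendor, "Name": group_name,
            "RuleActionOverrides": [
                {"Name": r, "ActionToUse": {"Count": {}}} for r in rule_ids],
        }},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": f"{vendor}-{group_name}"},
    }


def deny_logging_removal_policy(web_acl_arn, log_group_arn):
    """IAM policy / SCP statements that make WAF logging non-removable for every
    principal they apply to. WAF has no resource policy for this, so the deny
    has to come from IAM; as an SCP it binds account administrators as well."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "KeepWafLoggingConfiguration", "Effect": "Deny",
         "Action": ["wafv2:DeleteLoggingConfiguration"], "Resource": web_acl_arn},
        {"Sid": "KeepWafLogGroup", "Effect": "Deny",
         "Action": ["logs:DeleteLogGroup"], "Resource": log_group_arn},
    ]}


if __name__ == "__main__":
    for (group, rule), uris in offending_rules(SAMPLE_LOGS).items():
        print(f"{group} / {rule}: {dict(uris)}")
    print(json.dumps(count_override_rule("AWS", "AWSManagedRulesCommonRuleSet",
                                         ["SizeRestrictions_BODY"]), indent=2))
    print(json.dumps(deny_logging_removal_policy(WEB_ACL_ARN, LOG_GROUP_ARN), indent=2))
```

Run against the constructed records, the triage reports SizeRestrictions_BODY in the Common rule set hitting /v2/upload twice (once as a real block, once in Count mode) and nothing for /v2/status, which is the evidence needed before narrowing the override to that one rule. The deny policy is deliberately scoped to the web ACL and log group ARNs rather than "*" so it does not interfere with other WAF or CloudWatch administration.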