
Answer-first summary for fast verification
Answer: Configure the web ACL rules to initially count matching requests, enable AWS WAF logging, and analyze these logs for false positives. Adjust the rules to prevent false positives and gradually transition the rule actions from counting to blocking.
The correct answer is A. Setting the action of the web ACL rules to 'Count' initially allows the company to monitor traffic without blocking it. By enabling AWS WAF logging and analyzing requests, the company can identify and correct any false positives. Once they are confident that legitimate traffic will not be adversely affected, they can selectively change the rules from 'Count' to 'Block'. This approach ensures that security is improved without disrupting valid traffic. Options B, C, and D do not provide the same level of flexibility and risk management, potentially leading to unintended blocking of legitimate traffic or insufficient security coverage.
Author: LeetQuiz Editorial Team
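The log-analysis step of option A can be sketched as follows. This is an added example, not part of the original page: it tallies rules that matched in Count mode using the `nonTerminatingMatchingRules` and `httpRequest` fields of AWS WAF log records. The rule names, IPs, URIs and the `min_clients` review heuristic are assumptions made for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample AWS WAF log records (one JSON object per line), trimmed to
# the fields used here. Rule names, IPs and URIs are made up for illustration.
SAMPLE_LOG = "\n".join([
    '{"action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"sqli-body","action":"COUNT"}],"httpRequest":{"clientIp":"198.51.100.7","uri":"/api/comments"}}',
    '{"action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"sqli-body","action":"COUNT"}],"httpRequest":{"clientIp":"198.51.100.8","uri":"/api/comments"}}',
    '{"action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"sqli-body","action":"COUNT"}],"httpRequest":{"clientIp":"198.51.100.9","uri":"/api/comments"}}',
    '{"action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"bad-bot-ua","action":"COUNT"}],"httpRequest":{"clientIp":"203.0.113.5","uri":"/login"}}',
    '{"action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"bad-bot-ua","action":"COUNT"}],"httpRequest":{"clientIp":"203.0.113.5","uri":"/admin"}}',
    '{"action":"ALLOW","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","uri":"/index.html"}}',
    '{"action":"ALLOW","nonTerm',  # truncated line, as seen in partial log deliveries
])

def counted_matches(lines):
    """Yield (rule_id, uri, client_ip) for every rule that matched in Count mode."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(record, dict):
            continue
        request = record.get("httpRequest") or {}
        for match in record.get("nonTerminatingMatchingRules") or []:
            if match.get("action") == "COUNT":
                yield match.get("ruleId"), request.get("uri"), request.get("clientIp")

def summarize(lines):
    """Per rule: total counted hits, distinct client IPs, and the most-hit URIs."""
    hits, clients, uris = Counter(), defaultdict(set), defaultdict(Counter)
    for rule, uri, ip in counted_matches(lines):
        hits[rule] += 1
        clients[rule].add(ip)
        uris[rule][uri] += 1
    return {rule: {"hits": hits[rule],
                   "clients": len(clients[rule]),
                   "top_uris": uris[rule].most_common(3)}
            for rule in hits}

def review_candidates(summary, min_clients=3):
    # Assumed heuristic: hits spread over many distinct clients are more likely
    # legitimate traffic, so review those rules before switching them to Block.
    return sorted(r for r, s in summary.items() if s["clients"] >= min_clients)

if __name__ == "__main__":
    for rule, stats in summarize(SAMPLE_LOG.splitlines()).items():
        print(rule, stats)
```

Rules returned by `review_candidates` are the ones to inspect by hand before changing their action from Count to Block.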
A company has developed a web application hosted on Amazon EC2 instances behind an Application Load Balancer. To enhance the application's security without affecting legitimate traffic, the company plans to implement AWS WAF web ACLs. What is the optimal configuration strategy for the web ACLs to achieve this goal?
A. Configure the web ACL rules to initially count matching requests, enable AWS WAF logging, and analyze these logs for false positives. Adjust the rules to prevent false positives and gradually transition the rule actions from counting to blocking.
B. Utilize rate-based rules within the web ACLs, setting a high throttle limit to avoid blocking legitimate traffic. Temporarily block requests exceeding this limit and refine the rules with nested definitions to focus on specific traffic patterns.
C. Set the web ACL rules to block by default and incorporate only AWS managed rule groups. Use Amazon CloudWatch metrics and AWS WAF sampled requests or logs to assess the effectiveness of these rule groups.
D. Employ custom rule groups in the web ACLs with an initial allow action. Enable AWS WAF logging, analyze the logs for false positives, and adjust the rules accordingly. Over time, modify the rule actions from allowing to blocking.