
Explanation:
Using an AWS WAF IP set to allow the QA team's IPs and adding a WAF geo match rule to block specified countries satisfies the requirements. WAF supports geo-based filtering and IP exceptions with proper rule order. NACLs cannot block by country. ALB listener rules do not support geo-filtering. CloudFront alone lacks the IP exception in this setup without WAF.
A digital publishing platform must block traffic from select countries to comply with regional rights, but an eight-person QA team operating from one of those countries still needs access for testing. The application runs on Amazon EC2 behind an Application Load Balancer, and AWS WAF is already associated with the load balancer. Which combination of controls should be implemented to satisfy these requirements? (Choose 2)
A. Use an AWS WAF IP set that lists the contractor team public IPs to allow
B. Create deny entries for those countries in the VPC network ACLs
C. Add an AWS WAF geo match rule that blocks the specified countries
D. Configure Application Load Balancer listener rules to block countries
E. Amazon CloudFront