Topic 1 Question 340
A company has proprietary data available by using an Amazon CloudFront distribution. The company needs to ensure that the distribution is accessible by only users from the corporate office that have a known set of IP address ranges. An AWS WAF web ACL is associated with the distribution and has a default action set to Count.
Which solution will meet these requirements with the LEAST operational overhead?
Create a new regex pattern set. Add the regex pattern set to a new rule group. Create a new web ACL that has a default action set to Block. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic based on the new rule group.
Create an AWS WAF IP address set that matches the corporate office IP address range. Create a new web ACL that has a default action set to Allow. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic from the IP address set.
Create a new regex pattern set. Add the regex pattern set to a new rule group. Set the default action on the existing web ACL to Allow. Add a rule that has priority 0 that allows traffic based on the regex pattern set.
Create a WAF IP address set that matches the corporate office IP address range. Set the default action on the existing web ACL to Block. Add a rule that has priority 0 that allows traffic from the IP address set.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: D
The requirements are:
1. Restrict access to the CloudFront distribution to users from a known set of IP address ranges (the corporate office). 2. Minimize operational overhead. 3. Use the existing AWS WAF web ACL, which has the default action set to Count.Option D: Create a WAF IP address set that matches the corporate office IP address range. Set the default action on the existing web ACL to Block. Add a rule that has priority 0 that allows traffic from the IP address set.
👍 3uncledana2024/11/19 - 正解だと思う選択肢: D
Using Existing Web ACL: This approach leverages the existing web ACL, minimizing the need to create a new one, which reduces operational overhead.
IP Address Set: By creating a WAF IP address set that matches the corporate office IP address range, you precisely define which IP addresses are allowed access.
Blocking by Default: Setting the default action to Block ensures that only traffic from the defined IP addresses is allowed, meeting the security requirement.
High Priority Rule: Adding a high-priority rule (priority 0) to allow traffic from the IP address set ensures that legitimate traffic from the corporate office is not blocked.
👍 3f4b18ba2024/11/22 - 正解だと思う選択肢: D
Agreee with D as prioty 0 is the highest priority rule
👍 3teo21572024/12/18
シャッフルモード