Q16 — AWS SAA-C03 Ch.1
Question 16 of 65 | ← Chapter 1
Q16. A company's web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.Which configuration will meet this requirement?
- A. Configure the security group for the EC2 instances.
- B. Configure the security group on the Application Load Balancer.
- C. Configure AWS WAF on the Application Load Balancer in a VPC. ✓
- D. Configure the network ACL for the subnet that contains the EC2 instances.
Correct Answer: C. Configure AWS WAF on the Application Load Balancer in a VPC.
Explanation
"Geographic (Geo) Match Conditions in AWS WAF.This new condition type allows you to use AWS WAF to restrict application access based on the geographic location of your viewers. With geo match conditions you can choose the countries from which AWS WAF should allow access. " https://aws.amazon.com/es/blogs/ security/how-to-use-aws-waf-to-filter-incoming-traffic-from-embargoed- countries/ https://aws.amazon.com/about-aws/whats-new/2017/10/aws-waf-now-supports-geographic-match/