Q89 — AWS SCS-C02 Ch.1


A company is using AWS WAF to protect a customized public API service that is based on Amazon EC2 instances. The API uses an Application Load Balancer. The AWS WAF web ACL is configured with an AWS Managed Rules rule group. After a software upgrade to the API and the client application, some types of requests are no longer working and are causing application stability issues. A security engineer discovers that AWS WAF logging is not turned on for the web ACL. The security engineer needs to immediately return the application to service, resolve the issue, and ensure that logging is not turned off in the future. The security engineer turns on logging for the web ACL and specifies Amazon CloudWatch Logs as the destination. Which additional set of steps should the security engineer take to meet the requirements?

Correct Answer: A. Edit the rules in the web ACL to include rules with Count actions. Review the logs to determine which rule is blocking the request. Modify the IAM policy of all AWS WAF administrators so that they cannot remove the logging configuration for any AWS WAF web ACLs.  

Explanation

This question covers AWS WAF logging configuration and troubleshooting. The scenario requires restoring service and ensuring that logging cannot be disabled afterwards. Option A changes the rule actions to Count mode so that matching requests are logged instead of blocked, then analyzes the logs to identify which rule is blocking the requests, and finally restricts administrator permissions through an IAM policy so that the logging configuration cannot be removed. AWS documentation states that the Count action records requests that match a rule without blocking traffic, which makes it useful for debugging. IAM policies control user permissions and can ensure the logging configuration cannot be removed, whereas AWS WAF resource policies are not used to manage user permissions. The correct answer, A, reflects both the correct order of operations and the appropriate permission management approach.