Which action will meet these requirements?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A company serves content to its subscribers across the world using an application running on AWS.The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB).Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries.

Which action will meet these requirements?

Modify the ALB security group to deny incoming traffic from blocked countries.

Modify the security group for EC2 instances to deny incoming traffic from blocked countries.

Use Amazon CloudFront to serve the application and deny access to blocked countries.

Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.

Explanations:

Security groups do not support filtering traffic by geographic location or country.

Security groups cannot block traffic based on country; they only work with IP addresses and ports.

Amazon CloudFront supports geo-restriction features to block access from specific countries.

ALB listener rules do not have built-in functionality to filter traffic based on geographic location.

2025-10-12

1 Comment

  1. Jennifer
    Author

    In my experience, the answer is:
    Use Amazon CloudFront to serve the application and deny access to blocked countries.

Leave a Reply

Your email address will not be published. Required fields are marked *

14 − nine =