Which configuration will meet this requirement?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer.The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

Configure the security group for the EC2 instances.

Configure the security group on the Application Load Balancer.

Configure AWS WAF on the Application Load Balancer in a VPC.

Configure the network ACL for the subnet that contains the EC2 instances.

Explanations:

Configuring the security group for the EC2 instances would only control inbound and outbound traffic based on IP addresses and ports. It does not provide the capability to filter requests based on geographic location.

Similar to option A, configuring the security group on the Application Load Balancer does not allow for country-based filtering. Security groups are based on IP addresses and not on geographic locations.

Configuring AWS WAF (Web Application Firewall) on the Application Load Balancer allows for the creation of rules that can block or allow traffic based on geographic location, fulfilling the requirement to restrict access to the application from one specific country.

Network ACLs are stateless and also based on IP addresses and ports. While they can control traffic flow, they do not provide functionality to filter traffic by geographic location.

2025-10-10

1 Comment

  1. Larry
    Author

    I rate that the answer is:
    Configure AWS WAF on the Application Load Balancer in a VPC.

Leave a Reply

Your email address will not be published. Required fields are marked *

one × five =