AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 240
Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend? (Choose two.)
Answer options
- A. An NACL that blocks all ports to your subnets.
- B. A restricted bucket policy.
- C. A WAF on the load balancer.
- D. A WAF on your CloudFront distribution.
Correct answer: B, D
Explanation
A restricted bucket policy (B) is essential for limiting access to your S3 buckets, ensuring that only authorized users can retrieve or manipulate data. Implementing a WAF on your CloudFront distribution (D) helps protect your application from common web exploits, enhancing the overall security. On the other hand, blocking all ports with an NACL (A) would impede legitimate traffic, and a WAF on the load balancer (C) is less effective compared to placing it on CloudFront, which serves as the first line of defense.