AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 245

Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?

Answer options

• A. Set the WAF to Monitor mode.
• B. Set the WAF to its defaults and let it do its job.
• C. Setup a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
• D. A WAF is default deny and does not allow this. You need to use an IDS instead.

Correct answer: A

Explanation

Setting the WAF to Monitor mode allows you to observe and analyze traffic patterns without blocking any requests, which is essential for establishing a baseline. The other options either do not provide the necessary visibility into traffic patterns or incorrectly state the functionality of a WAF.