AWS Certified Security – Specialty (SCS-C02) — Question 249
A company runs an application on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). A security engineer needs to provide secure access to the application without requiring the use of a VPN. Users should be able to access the application only when they meet specific security conditions, including a defined device posture.
Which solution will meet these requirements?
Answer options
- A. Create an AWS WAF web ACL. Configure a custom response to block traffic that does not align with the defined device posture.
- B. Configure AWS Verified Access. Add the application by creating an endpoint for the ALB.
- C. Configure Amazon Verified Permissions. Use a policy-based access control (PBAC) policy to perform authorization.
- D. Configure Amazon Verified Permissions. Add the application by creating an endpoint for the ALB.
Correct answer: B
Explanation
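The correct answer is B because AWS Verified Access provides secure access to applications without requiring a VPN and evaluates each request against access policies that can include device posture. The other options do not meet the scenario's requirements: AWS WAF (A) filters web requests and does not assess device posture, and Amazon Verified Permissions (C, D) is an authorization service for custom applications, not a way to publish an ALB through an endpoint.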