AWS Certified Security – Specialty — Question 93

Which of the following are valid event sources that are associated with web access control lists that trigger AWS WAF rules? (Choose two.)

Answer options

• A. Amazon S3 static web hosting
• B. Amazon CloudFront distribution
• C. Application Load Balancer
• D. Amazon Route 53
• E. VPC Flow Logs

Correct answer: B, C

Explanation

The correct answers are B and C because Amazon CloudFront distributions and Application Load Balancers can both utilize AWS WAF for web application security. Options A, D, and E do not directly trigger AWS WAF rules as they do not integrate with web access control lists in the same way.