AWS Certified Solutions Architect – Associate (SAA-C02) — Question 109

A company's web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.
Which configuration will meet this requirement?

Answer options

• A. Configure the security group for the EC2 instances.
• B. Configure the security group on the Application Load Balancer.
• C. Configure AWS WAF on the Application Load Balancer in a VPC.
• D. Configure the network ACL for the subnet that contains the EC2 instances.

Correct answer: C

Explanation

The correct answer is C because AWS WAF can be configured to allow or block traffic based on geographic location, thus ensuring access is restricted to only the specified country. Option A and B focus on security groups, which control traffic based on IP addresses rather than geographic location. Option D involves network ACLs that also do not provide the capability to filter traffic by country.