AWS Certified Solutions Architect – Professional — Question 707

A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer.
The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application.
How should a solutions architect configure the web ACLs to meet these requirements?

Answer options

• A. Set the action of the web ACL rules to Count. Enable AWS WAF logging. Analyze the requests for false positives. Modify the rules to avoid any false positive. Over time, change the action of the web ACL rules from Count to Block.
• B. Use only rate-based rules in the web ACLs, and set the throttle limit as high as possible. Temporarily block all requests that exceed the limit. Define nested rules to narrow the scope of the rate tracking.
• C. Set the action of the web ACL rules to Block. Use only AWS managed rule groups in the web ACLs. Evaluate the rule groups by using Amazon CloudWatch metrics with AWS WAF sampled requests or AWS WAF logs.
• D. Use only custom rule groups in the web ACLs, and set the action to Allow. Enable AWS WAF logging. Analyze the requests for false positives. Modify the rules to avoid any false positive. Over time, change the action of the web ACL rules from Allow to Block.

Correct answer: A

Explanation

Setting AWS WAF rules to Count allows you to test how rules behave against real traffic without blocking legitimate users, which prevents service disruption. Enabling logging enables the analysis of potential false positives, allowing rules to be fine-tuned before safely transitioning the action to Block. Other options either risk immediately blocking legitimate traffic or do not provide a comprehensive testing path for standard web vulnerabilities.