AWS Certified SysOps Administrator – Associate (legacy) — Question 492

A SysOps Administrator is deploying a website with dynamic content. Company policy requires that users from certain countries or regions cannot access the web content and should receive an error page.
Which of the following can be used to implement this policy? (Choose two.)

Answer options

• A. Amazon CloudFront geo-restriction
• B. Amazon GuardDuty geo-blocking
• C. Amazon Route 53 geolocation routing
• D. AWS Shield geo-restriction
• E. Network access control list (NACL) restriction

Correct answer: A, C

Explanation

Amazon CloudFront geo-restriction allows you to restrict access to your content based on the country of the request origin, returning an error page to blocked users. Amazon Route 53 geolocation routing lets you route traffic based on the geographic location of your users, enabling you to direct restricted regions to an alternative resource or error page. Other options, such as Amazon GuardDuty, AWS Shield, and NACLs, do not natively support blocking or routing based on geographic regions.