AWS Certified Advanced Networking – Specialty ANS-C00 – Question252

Your website utilizes EC2, S3, ELB-Classic, and CloudFront. Your manager has shifted focus to security and wants you to ensure the site is as secure as possible. What two items could you recommend? (Choose two.)

A. An NACL that blocks all ports to your subnets.
B. A restricted bucket policy.
C. A WAF on the load balancer.
D. A WAF on your CloudFront distribution.

Correct Answer: BD

Explanation:

Recommend a WAF on the CloudFront distribution and a restricted bucket policy that ensures the only access is from CloudFront. You cannot apply a WAF to a Classic Load Balancer, and an NACL that blocks all ports would block access to the load balancer.