AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your client has a cloud-based application that must be securely accessible by both internal staff and external clients. Internal staff should only access the application via the company's network, while external clients should be granted direct access through the public internet. Which service or feature should the architect leverage to enforce this selective access policy for the application?
Set up a dedicated networking linkage for exclusive database connectivity, restricting all other forms of access.
Implement a global DNS service to discriminate traffic and control application access.
Activate a premium security service typically used for safeguarding against distributed denial-of-service attacks.
Deploy a web application firewall to define access rules contingent on the source IP addresses.
The client's requirement can be fulfilled by using a web application firewall to create access rules based on the source IP addresses. Such a service allows the creation of rules to permit or deny traffic based on specific conditions, which would enable the company to restrict employee access to requests coming from their corporate network's IP range, while still allowing customer traffic from the internet. This ensures that the appropriate level of application access is maintained for different user groups while adhering to strong security practices.
A service dedicated to DDoS protection does not offer the conditional IP-based access control that the scenario requires. A dedicated network connection solution would not serve the purpose of selectively granting access based on the source of the request. A DNS service, despite its critical role in the resolution of domain names, does not possess the ability to enforce web application access policies.
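The rule logic described in the explanation, modelled as an added example (not part of the original question, and not the API of any firewall service). It assumes staff functionality sits under a hypothetical `/staff/` path prefix and uses constructed corporate CIDRs from the documentation address ranges.

```python
import ipaddress
import posixpath
import re

# Constructed sample values (documentation ranges), not taken from the page.
CORPORATE_CIDRS = ["203.0.113.0/24", "2001:db8:10::/48"]
STAFF_PREFIX = "/staff"  # assumption: staff-only features live under this path

CORPORATE_NETS = [ipaddress.ip_network(c) for c in CORPORATE_CIDRS]


def in_corporate_range(source_ip: str) -> bool:
    """True only if source_ip parses and falls inside a corporate CIDR."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparsable source is never treated as corporate
    # An IPv4-mapped IPv6 address must be checked against the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in CORPORATE_NETS)


def normalize(path: str) -> str:
    """Drop the query string, collapse slashes and dot segments, lowercase."""
    collapsed = re.sub(r"/+", "/", "/" + path.split("?", 1)[0])
    return posixpath.normpath(collapsed).lower()


def evaluate(source_ip: str, path: str) -> str:
    """Return "ALLOW" or "BLOCK" for one request."""
    p = normalize(path)
    is_staff_path = p == STAFF_PREFIX or p.startswith(STAFF_PREFIX + "/")
    # Rule: staff paths are reachable only from the corporate range.
    if is_staff_path and not in_corporate_range(source_ip):
        return "BLOCK"
    # Default action: customer-facing paths stay open to the internet.
    return "ALLOW"


if __name__ == "__main__":
    # Constructed sample requests: (source IP, requested path)
    for ip, path in [("203.0.113.25", "/staff/reports"),
                     ("198.51.100.7", "/staff/reports"),
                     ("198.51.100.7", "/shop/cart"),
                     ("198.51.100.7", "/public/../STAFF/x")]:
        print(ip, path, evaluate(ip, path))
```

The path is normalized before matching so that a differently cased or dot-segment variant of the staff path is still subject to the source-IP condition.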