Home › AWS Security › cloudcomputing › scsinfraiam › Which AWS feature lets a security engineer block…
Which AWS feature lets a security engineer block traffic from specific countries at the CloudFront edge — used for geographic compliance and threat mitigation?
AAWS Snowball
BAmazon EBS
CCloudFront geo-restriction + AWS WAF geo-match rules
DAmazon RDS
Answer & Solution
Correct answer: C. CloudFront geo-restriction + AWS WAF geo-match rules
CloudFront + WAF geo controls (per SCS-C02 §3.1). The others can't filter by geography.
Related questions
Which IAM feature lets an architect cap the MAXIMUM permissions an entity (user/role) can Which AWS service is the customer-identity-and-access-management (CIAM) service for consumWhich AWS service federates corporate identities (Active Directory, Okta, Azure AD) into AWhich AWS service is the canonical identity store for managing IAM users, roles, groups, aWhich AWS feature lets a security engineer trace whether traffic from a source ENI to a deWhich AWS service is the managed stateful firewall for VPC traffic — supporting Suricata-cWhich AWS service provides centralised firewall management — deploying WAF rules, Shield AWhich AWS networking primitive is STATELESS, attached at the subnet level, supports both a