🔥 3-day streak
AWS Certified Advanced Networking - Specialty58 / 141
Question 58 of 141

A company runs a public HTTPS web application behind an Application Load Balancer (ALB) that they want to protect with AWS WAF. They also have a requirement from their security team: the backend EC2 instances must see the original client source IP addresses in the application logs for fraud analysis, without deploying any additional software on the instances. The ALB terminates TLS. Which approach meets both the WAF protection and original client IP requirements with the least operational overhead?

Reviewed for accuracy · Report an issueNext question