🔥 3-day streak
AWS Certified Security - Specialty180 / 184
Question 180 of 184

A company runs a public web application behind Amazon CloudFront with an AWS WAF web ACL attached. The web ACL contains, in this order: (1) a rate-based rule, (2) the AWS Managed Rules Core Rule Set (CRS), and (3) a custom rule that explicitly allows requests from the company's corporate IP set for administrative access. After deployment, administrators report that legitimate admin requests from the corporate IP range are being blocked, even though the traffic is not malicious. What is the MOST likely cause and the correct remediation?

Reviewed for accuracy · Report an issueNext question