🔥 3-day streak
AWS Certified Security - Specialty153 / 157
Question 153 of 157

A media company serves a public web application through an Application Load Balancer protected by AWS WAF. Legal requirements mandate that the application only be accessible from users located in Canada and the United States. However, the security team notices that after adding a geo match rule to block all countries except CA and US, a significant number of legitimate North American users are still being blocked. Investigation shows these users route through a third-party content delivery and optimization proxy service whose egress nodes are located in Europe. What is the MOST appropriate way to enforce the geographic restriction while allowing these legitimate users?

Reviewed for accuracy · Report an issueNext question