🔥 3-day streak
AWS Certified Security - Specialty154 / 157
Question 154 of 157
A retail company deploys AWS WAF on an Application Load Balancer using the AWS Managed Rules Core rule set and SQL database rule group. Shortly after enabling the rules in blocking mode, customers report that legitimate checkout requests containing product descriptions with SQL-like text (e.g., 'SELECT premium bundle') are being rejected with HTTP 403 errors. The security team must reduce false positives for this specific rule without disabling protection against real SQL injection attacks across the rest of the application. What is the MOST appropriate action?
Reviewed for accuracy · Report an issueNext question