🔥 3-day streak
AWS Certified Security - Specialty157 / 157
Question 157 of 157
A financial services company runs a public web application behind an Application Load Balancer protected by AWS WAF. Compliance requires that all WAF request evaluations be retained for auditing, but the security team must ensure that sensitive HTTP header values (such as the Authorization header) are never stored in the logs. What is the MOST appropriate way to meet both requirements?
Reviewed for accuracy · Report an issue