SCS-C03 Question #42: Real Exam Question with Answer & Explanation

Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #42. The question stem and answer options stay visible for context.

Submitted by kev92· Mar 6, 2026Infrastructure Security

Question

A company runs ECS services behind an internet-facing ALB that is the origin for CloudFront. An AWS WAF web ACL is associated with CloudFront, but clients can bypass it by accessing the ALB directly. Which solution will prevent direct access to the ALB?

Options

AUse AWS PrivateLink with the ALB.
BReplace the ALB with an internal ALB.
CRestrict ALB listener rules to CloudFront IP ranges.
DRequire a custom header from CloudFront and validate it at the ALB.

Unlock SCS-C03 to see the answer

You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SCS-C03 - $49.99 / 30 days Sign in

Topics

#CloudFront Origin Security#Application Load Balancer (ALB)#WAF Bypass Prevention#Custom Headers

Full SCS-C03 Practice Browse All SCS-C03 Questions