Q361.A government agency iS building a forms submission portal using AWS to allow citizens to submit and retrieve sensitive documents.The solution was built using a serverless architecture with the front- end code developed using HTML and JavaScript and the backend architecture using Amazon API Gateway and Amazon S3.The portal must meet the following security requirements:--Requests to the backend infrastructure should be allowed only if they originate from a specific country.--Requests to the backend infrastructure should prevent brute force attacks from individual IP addresses by not allowing more than 3000 requests per 5 minutes (or 10 requests per second) for each IP address.--All access attempts to the backend infrastructure must be logged.Which steps should a solutions architect take to meet these requirements? (Select TWO.)
A.Configure the API Gateway API with a custom rule condition that allows APIs to be called from the authorized country only. Then enable default method throttling setting the rate limit to 10 requests per second. B.Create an AWS WAF web ACL with a custom rule condition that allows access attempts from the authorized country onlyand a rate-based rule with a rate limit of 3 000 requests per 5 minutes. Then associate the web ACL with the API Gateway API. C.Configure Amazon CloudFront with a geographical restriction that allows access attempts from the authorized country only and a rate-based rule with a rate limit of 3 000 requests per 5 minutes. Then add the API Gateway API as a custom origin. D.Configure the AWS WAF web ACL to log to an Amazon Kinesis Data Firehose delivery stream with Amazon Elasticsearch Service (Amazon ES) as the destination. Configure API Gateway to log to an Amazon CloudWatch Logs group. E.Configure the AWS WAF web ACL to log to an Amazon CloudWatch Logs group. Configure API Gateway to log to an Amazon CloudWatch Logs group.正确答案BD
