SAA-C03 - Design Secure Architectures - Section 1.4

Design network segmentation and edge protection using VPC security groups, network ACLs, AWS WAF and AWS Shield.

Compare stateful security groups with stateless network ACLs and explain where each layer sits in the VPC traffic flow. Apply AWS WAF web ACL rules to filter HTTP threats at the application layer, and recognise which AWS Shield tier provides managed DDoS protection without additional configuration.

Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.