Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 248 discussion

Option B provides the most operational efficiency to prevent the weekly spike in failed login attempts. Here's why: AWS WAF (Web Application Firewall) with a rate-based rule allows you to monitor and block traffic based on the rate of requests from different IP addresses. The rate-based rule can help identify and block the excessive login attempts originating from a large number of IP addresses that change weekly. By blocking traffic at the ALB level using AWS WAF, the traffic doesn't reach the application, reducing the load on your authentication service. The rate-based rule can automatically adjust to changing patterns of attack without manual updates, providing an efficient solution. AWS WAF is designed for web application protection and allows you to create flexible rules to mitigate various types of attacks, making it a suitable choice for handling this scenario.

Using WAF with ALB is most operationally efficient. This narrows the choices down to B and D. As IP address keeps changing B is most efficient.

The application should be used by users "around the world" so policies that IP based are not suitable, as you have to update set of new IPs each week. Option B has valid actions, as WAP webACL has rate-basted rule and Block Action.

Correct B.

easyu B

B, if login hit at a certain ratio, block this IP

B and not D because of "500 different IP addresses that change each week"

B and not D because of "500 different IP addresses that change each week"

b-b-b-b-b-b

yep, it's B

B Is Correct. Since IP address keeps changing, WAF can't block on IP/CIDR.

B is the answer