Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 30 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 30
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is hosting a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application has become the target of a DoS attack. Application logging shows that requests are coming from a small number of client IP addresses, but the addresses change regularly.
The company needs to block the malicious traffic with a solution that requires the least amount of ongoing effort.
Which solution meets these requirements?

  • A. Create an AWS WAF rate-based rule, and attach it to the ALB.
  • B. Update the security group that is attached to the ALB to block the attacking IP addresses.
  • C. Update the ALB subnet's network ACL to block the attacking client IP addresses.
  • D. Create an AWS WAF rate-based rule, and attach it to the security group of the EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by 100fold at Oct. 19, 2023, 5:37 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
FunkyFresco
1 month, 2 weeks ago
Selected Answer: A
A without any doubt.
upvoted 1 times
...
navid1365
4 months, 4 weeks ago
Selected Answer: A
Attach a WAF to the ALB
upvoted 1 times
...
Sodev
6 months ago
What's that mean "a small number of client IP addresses, but the addresses change regularly.": v if small number, why not use C =)) i thing this question not exactlty, "small" is redundant words ?
upvoted 2 times
khuman_12
4 months, 2 weeks ago
Exactly, the question is incorrect. And answer A: in other words "just create rate-limit and all DDoS will take up all the limit and the service will down"
upvoted 1 times
...
...
Raphaello
9 months, 3 weeks ago
Selected Answer: A
A WAF rate-based rule and attach it to ALB.
upvoted 1 times
...
Aamee
10 months, 1 week ago
Selected Answer: A
WAF protects CloudFront, R53 and ALB as they're tightly integrated with WAF.
upvoted 1 times
...
Daniel76
10 months, 1 week ago
Selected Answer: A
AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.
upvoted 4 times
smanzana
8 months, 2 weeks ago
Indeed, AWS WAF cannot be directly attached to the Security Group of EC2 instances.
upvoted 1 times
...
...
awssecuritynewbie
10 months, 2 weeks ago
They could of used the VPC flow logs to figure out the IPs that are attacking then use lambda to update the ACL NACL for the LB. it would be better than actually applying rate limiting.
upvoted 1 times
Josh1217
6 months, 3 weeks ago
The IPs keep on changing.
upvoted 1 times
...
...
100fold
11 months, 3 weeks ago
Selected Answer: A
Answer A https://www.examtopics.com/discussions/amazon/view/61173-exam-aws-certified-security-specialty-topic-1-question-259/
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel