Exam AWS Certified Security - Specialty SCS-C02 All Questions

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 274 discussion

A company has a new web-based account management system for an online game. Players create a unique username and password to log in to the system.

The company has implemented an AWS WAF web ACL for the system. The web ACL includes the core rule set (CRS) AWS managed rule group on the Application Load Balancer that serves the system.

The company’s security team finds that the system was the target of a credential stuffing attack. Credentials that were exposed in other breaches were used to try to log in to the system.

The security team must implement a solution to reduce the chance of a successful credential stuffing attack in the future. The solution also must minimize impact on legitimate users of the system.

Which combination of actions will meet these requirements? (Choose two.)

  • A. Create an Amazon CloudWatch custom metric to analyze the number of successful login responses from a single IP address.
  • B. Add the account takeover prevention (ATP) AWS managed rule group to the web ACL. Configure the rule group to inspect login requests to the system. Block any requests that have the awswaf:managed:aws:atp:signal:credential_compromised label.
  • C. Configure a default web ACL action that requires all users to solve a CAPTCHA puzzle when they log in.
  • D. Implement IP-based match rules in the web ACL for any IP addresses that generate many successful login responses. Block any IP addresses that generate many successful logins.
  • E. Create a custom block response that redirects users to a secure workflow to reset their password inside the system.
Suggested Answer: AB
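As an added example (not from the question or from any commenter), the two web ACL rules that implement option B, written as the Rules property of a CloudFormation AWS::WAFv2::WebACL; the login path /login, the JSON field names, the rule names, priorities and metric names are assumptions:

```yaml
# Added example: two rules to append to the existing web ACL (the CRS rule group
# already present keeps its own, lower priority number). Assumed: the login form
# posts JSON {"username": ..., "password": ...} to /login. Names are placeholders.
Rules:
  - Name: ATP-login-inspection
    Priority: 10
    Statement:
      ManagedRuleGroupStatement:
        VendorName: AWS
        Name: AWSManagedRulesATPRuleSet
        ManagedRuleGroupConfigs:
          - AWSManagedRulesATPRuleSet:
              # Only requests to this path are inspected as login attempts.
              LoginPath: /login
              RequestInspection:
                PayloadType: JSON
                UsernameField:
                  Identifier: /username   # JSON pointer into the request body
                PasswordField:
                  Identifier: /password
              # ResponseInspection (success/failure status codes) is optional
              # and omitted here.
    # A managed rule group takes OverrideAction, not Action; None keeps the
    # group's own rule actions and the labels it adds to matching requests.
    OverrideAction:
      None: {}
    VisibilityConfig:
      SampledRequestsEnabled: true
      CloudWatchMetricsEnabled: true
      MetricName: ATPLoginInspection
  # Evaluated after the ATP group (higher priority number) and blocks only
  # requests the group labeled as carrying credentials found in its
  # stolen-credential database; every other login is left alone.
  - Name: block-compromised-credentials
    Priority: 11
    Statement:
      LabelMatchStatement:
        Scope: LABEL
        Key: awswaf:managed:aws:atp:signal:credential_compromised
    Action:
      Block: {}
    VisibilityConfig:
      SampledRequestsEnabled: true
      CloudWatchMetricsEnabled: true
      MetricName: BlockCompromisedCredentials
```

The label match rule must have a higher priority number than the ATP rule group, because AWS WAF evaluates rules in priority order and the label only exists once the managed rule group has run.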

Comments

m_ch333
3 months, 3 weeks ago
Selected Answer: AB
B.
- ATP checks email and password combinations against its stolen credential database, which is updated regularly as new leaked credentials are found on the dark web.
- ATP can temporarily block client sessions or IP addresses that have too many login failures.
- AWS WAF performs response inspection asynchronously, so this doesn't increase latency in your web traffic.
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html
upvoted 1 times
Pmktechno
3 months, 4 weeks ago
Selected Answer: AB
Answer A and B
upvoted 1 times
Curl8012
4 months, 2 weeks ago
Selected Answer: BE
B - This satisfies the requirement to reduce the chance of a stuffing attack.
E - This satisfies the requirement to minimize impact on legitimate users, as it prevents legit users who may be part of a credential stuffing attack (due to their compromised credentials) from being permanently blocked.
A leverages CloudWatch, which is only suitable for monitoring. It goes with D, but option D, which blocks access from IPs with multiple successful logins, will affect legit users more than bad actors. Similarly, setting a default CAPTCHA in option C will create more friction for legit users than it mitigates the issue.
upvoted 3 times
IPLogic
4 months, 3 weeks ago
Selected Answer: AB
Explanation: By monitoring and analyzing successful login attempts from individual IP addresses, you can detect patterns that suggest credential stuffing. This allows you to take targeted actions against suspicious IPs, improving security without impacting legitimate users.

B. Add the account takeover prevention (ATP) AWS managed rule group to the web ACL. Configure the rule group to inspect login requests to the system. Block any requests that have the awswaf:managed:aws:atp:signal:credential_compromised label.
Explanation: This managed rule group specifically targets account takeover attempts, including credential stuffing. By automatically inspecting and blocking compromised login requests, you add a critical layer of defense without disrupting legitimate user access.
upvoted 2 times
IPLogic
4 months, 3 weeks ago
C. Configure a default web ACL action that requires all users to solve a CAPTCHA puzzle when they log in.
This option increases friction for all users, including legitimate ones, potentially impacting user experience.

D. Implement IP-based match rules in the web ACL for any IP addresses that generate many successful login responses. Block any IP addresses that generate many successful logins.
While this could help, it is more reactive and might lead to blocking legitimate users sharing similar IP addresses, like those behind NAT devices.

E. Create a custom block response that redirects users to a secure workflow to reset their password inside the system.
This approach addresses the aftermath of a potential breach rather than preventing credential stuffing attacks.

By implementing both B and A, you establish a proactive and comprehensive strategy to detect and mitigate credential stuffing attacks effectively.
upvoted 1 times
HappyG
4 months, 3 weeks ago
Selected Answer: AB
Option B: Adding the AWS managed rule group for account takeover prevention (ATP) is a highly effective approach. This rule group is specifically designed to detect and mitigate credential stuffing attacks. It can inspect login attempts, and when it detects a potential compromise based on exposed credentials (indicated by the label awswaf:managed:aws:atp:signal:credential_compromised), it blocks the request. This action directly addresses the security concern while minimizing the impact on legitimate users.

Option A: By creating a custom CloudWatch metric to track successful login attempts from a single IP address, you can proactively monitor and detect patterns indicative of a credential stuffing attack (such as a high volume of successful logins from one source). This allows you to implement additional measures (e.g., blocking or rate-limiting) based on the analysis of this metric without affecting legitimate users.
upvoted 1 times
jdx000
4 months, 4 weeks ago
Selected Answer: BD
I think B and D.
upvoted 1 times

Community vote distribution: A (35%), C (25%), B (20%), Other