Exam AWS-SysOps topic 1 question 600 discussion

seems like ans is :D The following HTTP errors are generated by the load balancer HTTP 400: Bad Request Possible causes: The client sent a malformed request that does not meet the HTTP specification. The request header exceeded 16K per request line, 16K per single header, or 64K for the entire head https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#http-400-issues When a load balancer receives an HTTP request, it checks for malformed requests and for the length of the method. The total method length in an HTTP request to a load balancer must not exceed 127 characters. If the HTTP request passes both checks, the load balancer sends the request to the EC2 instance. If the method field in the request is malformed, the load balancer responds with an HTTP 400: BAD_REQUEST error. https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-error-message.html

Answer is C. WAF is used to prevent malformed HTTP headers where as an ALB will generate an error when it seems a malformed HTTP header.

AWS WAF is a web application firewall that helps protect web applications from common web exploits and attacks, including those that involve malformed HTTP headers. It allows you to define custom security rules and conditions to filter and block malicious traffic before it reaches your EC2 instances. By configuring AWS WAF with appropriate rules and conditions, you can detect and block requests with malformed HTTP headers, preventing them from reaching your EC2 instances and potentially compromising your web applications.

C) ALB An application load balancer will block malformed requests that do not meet the HTTP specification with a HTTP 400: Bad request error. An ALB can be placed in front of the EC2 web applications and this will prevent the attack from reaching the instances. The ALB attribute “Drop Invalid Header Fields” setting can be used to control if invalid header fields are removed by the load balancer. WAF :AWS WAF cannot be used to protect EC2 instances 'directly'. It can be used in front of CloudFront distributions, ALBs and API Gateways.

Both C and D can do the job. D is no extra cost - there is an option to throw away the malformed http headers C WAF is a paid service but helps many other different types of attacks. In real-life the company would already have a WAF so it is like better bang for the $. For exam purpose I would answer D but practically I would use C.

Correct Answer: C "security", "coordinated attack", "web applications" => WAF It's a firewall task, not a load balance task. The web application firewall would be placed in front of the ALB.

C is the answer

Since both an ALB and WAF will do it, I assume since the applications are on one EC2 instance, then it would be WAF, not a load balancer. Plus, its more secure and you dont have more than 1 ec2 instance.

Explanation An application load balancer will block malformed requests that do not meet the HTTP specification with a HTTP 400: Bad request error. An ALB can be placed in front of the EC2 web applications and this will prevent the attack from reaching the instances. The ALB attribute “Drop Invalid Header Fields” setting can be used to control if invalid header fields are removed by the load balancer. CORRECT: "Application Load Balancer (ALB)" is the correct answer.

CORRECT: "Application Load Balancer (ALB)" is the correct answer. INCORRECT: "AWS Web Application Firewall (WAF)" is incorrect. AWS WAF cannot be used to protect EC2 instances directly. It can be used in front of CloudFront distributions, ALBs and API Gateways.

Answer is D.

C is correct: You can research the keyword: "HTTP header" at this page: https://aws.amazon.com/waf/

C. https://aws.amazon.com/premiumsupport/knowledge-center/waf-block-common-attacks/

Answer "C". WAF is born for that, lol..

Answer is C https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

C. AWS WAF Seem correct

lets toss a coin who is right - half of you say c and exactly other half d