Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address. How should the Administrator implement the restriction?
A.
Edit the security group for the web servers and add a deny entry for the IP address
B.
Edit the network access control list for the web server subnet and add a deny entry for the IP address
C.
Edit the VPC route table to route the malicious IP address to a black hole
D.
Use Amazon CloudFront's geo restriction feature to block traffic from the IP address
Network ACLs act as stateless firewalls at the subnet level in a VPC. By adding a deny entry for the specific IP address in the NACL associated with the web server subnet, all incoming and outgoing traffic from that IP address will be blocked.
Should be D...say the application should allow XX ip from country Y...If you put that in NACL, it will block that ip from anywhere...for any specific ip from any specific country should be D...Else, we will be blacklisting that IP all together.
the default NACL *allow* all inbound and outbound traffic, so you can edit the default NACL to deny the inbound traffic from the single IP; the custom ACL *deny* all inbound and outbound traffic in default.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dkp
Highly Voted 2 years, 7 months agoDragospen
Highly Voted 2 years, 6 months agoalbert_kuo
Most Recent 10 months agogulu73
1 year, 2 months agoTroyMcLure
2 years, 6 months agokhan11
2 years, 6 months agoDrewL
2 years, 6 months agoMrDEVOPS
2 years, 6 months agokmanickam
2 years, 6 months agoezat
2 years, 6 months agosen12
2 years, 7 months agosaumenP
2 years, 7 months ago