Topic 1 Question 162
A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator.
A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application.
Which solution will meet these requirements?
Create an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.
Modify the inbound security group on the ALB to deny traffic from the IP addresses that are involved in the attack.
Create an AWS WAF web ACL for the ALB Create a custom rule that blocks requests that contain the user agent string of the device emulator.
Create an AWS WAF web ACL for the ALB. Create a custom rule that allows requests from legitimate user agent strings.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
Answer is C
A. CloudWatch Alarm with SNS: This would only notify the security team about the attack, not actively block it.
B. Deny traffic from attack IPs: This might block legitimate users if they share the same IP range as attackers (e.g., company using a VPN).
D. Allow requests from legitimate user agents: Creating an exhaustive list of legitimate user agents is difficult and can be bypassed by attackers using slightly modified strings.
Option C targets the specific characteristic of the attack (mobile device emulator user agent) and blocks those requests, allowing legitimate users with different user agents to access the application.
👍 3aescudero512024/12/01
シャッフルモード