Topic 1 Question 274
Choose 2
A company has a new web-based account management system for an online game. Players create a unique username and password to log in to the system.
The company has implemented an AWS WAF web ACL for the system. The web ACL includes the core rule set (CRS) AWS managed rule group on the Application Load Balancer that serves the system.
The company’s security team finds that the system was the target of a credential stuffing attack. Credentials that were exposed in other breaches were used to try to log in to the system.
The security team must implement a solution to reduce the chance of a successful credential stuffing attack in the future. The solution also must minimize impact on legitimate users of the system.
Which combination of actions will meet these requirements?
A. Create an Amazon CloudWatch custom metric to analyze the number of successful login responses from a single IP address.
B. Add the account takeover prevention (ATP) AWS managed rule group to the web ACL. Configure the rule group to inspect login requests to the system. Block any requests that have the awswaf:managed:aws:atp:signal:credential_compromised label.
C. Configure a default web ACL action that requires all users to solve a CAPTCHA puzzle when they log in.
D. Implement IP-based match rules in the web ACL for any IP addresses that generate many successful login responses. Block any IP addresses that generate many successful logins.
E. Create a custom block response that redirects users to a secure workflow to reset their password inside the system.
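The rules below show what options B and E look like as concrete AWS WAF (wafv2) web ACL rule entries. This is an added example written for this page; it is not part of the question and not AWS-supplied configuration. The login path (/api/login), the JSON field names (/username, /password), the success/failure status codes and the reset-password path are assumptions and must be changed to match the actual system. The two entries belong in the web ACL's Rules array alongside the existing core rule set entry:

```json
[
  {
    "Name": "ATP-login-inspection",
    "Priority": 10,
    "Statement": {
      "ManagedRuleGroupStatement": {
        "VendorName": "AWS",
        "Name": "AWSManagedRulesATPRuleSet",
        "ManagedRuleGroupConfigs": [
          {
            "AWSManagedRulesATPRuleSet": {
              "LoginPath": "/api/login",
              "RequestInspection": {
                "PayloadType": "JSON",
                "UsernameField": { "Identifier": "/username" },
                "PasswordField": { "Identifier": "/password" }
              },
              "ResponseInspection": {
                "StatusCode": {
                  "SuccessCodes": [200],
                  "FailureCodes": [401]
                }
              }
            }
          }
        ],
        "RuleActionOverrides": [
          {
            "Name": "AttributeCompromisedCredentials",
            "ActionToUse": { "Count": {} }
          }
        ]
      }
    },
    "OverrideAction": { "None": {} },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "ATPLoginInspection"
    }
  },
  {
    "Name": "block-compromised-credentials",
    "Priority": 20,
    "Statement": {
      "LabelMatchStatement": {
        "Scope": "LABEL",
        "Key": "awswaf:managed:aws:atp:signal:credential_compromised"
      }
    },
    "Action": {
      "Block": {
        "CustomResponse": {
          "ResponseCode": 302,
          "ResponseHeaders": [
            { "Name": "Location", "Value": "/account/reset-password" }
          ]
        }
      }
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "BlockCompromisedCredentials"
    }
  }
]
```

Two details matter for this to behave as the question describes. First, the ATP rule group only inspects requests to LoginPath, and only adds the credential_compromised label after it has read the username and password from the request body, so RequestInspection must match the real payload shape (form-encoded or JSON) or the label is never set. Second, the rule that fires on compromised credentials (AttributeCompromisedCredentials) blocks by default; with its action overridden to Count the request keeps flowing with the label attached, and the later LabelMatchStatement rule is what actually blocks it and returns the 302 to the reset workflow. If the override is left out, the managed rule blocks first with a plain 403 and the second rule never runs. Leaving ResponseInspection out is acceptable but disables the rules that key on failed-login responses.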
Comments (6)
- Selected Answer: BE
B - This satisfies the requirement to reduce the chance of a stuffing attack. E - This satisfies the requirement to minimize impact on legitimate users, as it prevents legit users who may be part of a credential stuffing attack (due to their compromised credentials) from being permanently blocked.
A leverages CloudWatch, which is only suitable for monitoring. It goes with D, but option D, which blocks access from IPs with multiple successful logins, will affect legit users more than bad actors. Similarly, setting a default CAPTCHA in option C will create more friction for legit users than it mitigates the issue.
👍 3 Curl8012 2024/12/06
- Selected Answer: AB
Explanation: By monitoring and analyzing successful login attempts from individual IP addresses, you can detect patterns that suggest credential stuffing. This allows you to take targeted actions against suspicious IPs, improving security without impacting legitimate users.
B. Add the account takeover prevention (ATP) AWS managed rule group to the web ACL. Configure the rule group to inspect login requests to the system. Block any requests that have the awswaf:managed:aws:atp:signal:credential_compromised label.
Explanation: This managed rule group specifically targets account takeover attempts, including credential stuffing. By automatically inspecting and blocking compromised login requests, you add a critical layer of defense without disrupting legitimate user access.
👍 2 IPLogic 2024/12/06
- Selected Answer: BD
I think B and D.
👍 1 jdx000 2024/11/28