Topic 1 Question 248
An education company is running a web application used by college students around the world. The application runs in an Amazon Elastic Container Service (Amazon ECS) cluster in an Auto Scaling group behind an Application Load Balancer (ALB). A system administrator detects a weekly spike in the number of failed login attempts, which overwhelm the application's authentication service. All the failed login attempts originate from about 500 different IP addresses that change each week. A solutions architect must prevent the failed login attempts from overwhelming the authentication service.
Which solution meets these requirements with the MOST operational efficiency?
Use AWS Firewall Manager to create a security group and security group policy to deny access from the IP addresses.
Create an AWS WAF web ACL with a rate-based rule, and set the rule action to Block. Connect the web ACL to the ALB.
Use AWS Firewall Manager to create a security group and security group policy to allow access only to specific CIDR ranges.
Create an AWS WAF web ACL with an IP set match rule, and set the rule action to Block. Connect the web ACL to the ALB.
ユーザの投票
コメント(12)
- 正解だと思う選択肢: B
B is the answer
👍 3bhanus2023/06/22 - 正解だと思う選択肢: B
B and not D because of "500 different IP addresses that change each week"
👍 3SmileyCloud2023/06/26 - 正解だと思う選択肢: B
Option B provides the most operational efficiency to prevent the weekly spike in failed login attempts. Here's why:
AWS WAF (Web Application Firewall) with a rate-based rule allows you to monitor and block traffic based on the rate of requests from different IP addresses. The rate-based rule can help identify and block the excessive login attempts originating from a large number of IP addresses that change weekly. By blocking traffic at the ALB level using AWS WAF, the traffic doesn't reach the application, reducing the load on your authentication service. The rate-based rule can automatically adjust to changing patterns of attack without manual updates, providing an efficient solution. AWS WAF is designed for web application protection and allows you to create flexible rules to mitigate various types of attacks, making it a suitable choice for handling this scenario.
👍 3totten2023/10/12
シャッフルモード