Topic 1 Question 361
A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.
Which solution will meet this requirement?
Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: D
D waf.
“A” cannot be because security groups do not have deny rules.
👍 6rdiaz2023/06/26 - 正解だと思う選択肢: D
D. meets ALL requirements for the question
👍 4Warza2023/06/26 D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
👍 4[Removed]2023/07/09
シャッフルモード