AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 57

A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?

Answer options

• A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
• B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
• C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
• D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.

Correct answer: D

Explanation

The correct answer is D because adding a new network ACL allows the application to continue blocking malicious IPs without hitting the entry limit. Options A and B do not effectively address the entry limit issue, while option C, although a valid alternative, does not provide the same level of control over IP blocking as using network ACLs.