AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 9
The Web Application Development team is worried about malicious activity from 200 random IP addresses. Which action will ensure security and scalability from this type of threat?
Answer options
- A. Use inbound security group rules to block the IP addresses.
- B. Use inbound network ACL rules to block the IP addresses.
- C. Use AWS WAF to block the IP addresses.
- D. Write iptables rules on the instance to block the IP addresses.
Correct answer: B
Explanation
The correct answer is B because network ACLs operate at the subnet level and can handle large numbers of IP addresses efficiently, ensuring scalability. In contrast, security group rules (A) are limited to instances and do not provide the same level of performance for blocking multiple IPs; AWS WAF (C) is designed for web applications and may not be as efficient for this specific scenario; and iptables (D) is instance-specific and not ideal for managing IP addresses at a large scale.