AWS Certified Security – Specialty (SCS-C02) — Question 252
A security engineer has noticed an unusually high amount of traffic coming from a single IP address. This was discovered by analyzing the Application Load Balancer’s access logs.
How can the security engineer limit the number of requests from a specific IP address without blocking the IP address?
Answer options
- A. Add a rule to the Application Load Balancer to route the traffic originating from the IP address in question and show a static webpage.
- B. Implement a rate-based rule with AWS WAF.
- C. Use AWS Shield to limit the originating traffic hit rate.
- D. Implement the GeoLocation feature in Amazon Route 53.
Correct answer: B
Explanation
The correct answer is B. A rate-based rule in AWS WAF lets the security engineer limit requests from a specific IP address based on a defined threshold without outright blocking it. Option A does not effectively limit the request rate; it merely redirects the traffic. Option C is incorrect because AWS Shield is designed for DDoS protection, not for limiting requests from an individual IP address. Option D is unrelated to request rate limiting, as GeoLocation is used for routing based on geographic origin.