AWS Certified Security – Specialty (SCS-C02) — Question 50
A company is hosting a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application has become the target of a DoS attack. Application logging shows that requests are coming from a small number of client IP addresses, but the addresses change regularly.
The company needs to block the malicious traffic with a solution that requires the least amount of ongoing effort.
Which solution meets these requirements?
Answer options
- A. Create an AWS WAF rate-based rule, and attach it to the ALB.
- B. Update the security group that is attached to the ALB to block the attacking IP addresses.
- C. Update the ALB subnet's network ACL to block the attacking client IP addresses.
- D. Create an AWS WAF rate-based rule, and attach it to the security group of the EC2 instances.
Correct answer: A
Explanation
The correct answer is A because an AWS WAF rate-based rule counts requests per client IP and blocks any address that exceeds the limit; it adapts automatically as the attacking IP addresses change and requires minimal ongoing effort to manage. Option B blocks specific IPs, but it would require constant updates as the addresses change frequently. Option C involves managing network ACLs, which is cumbersome and inefficient for rapidly changing IPs. Option D attaches the WAF rule to the EC2 security group rather than the ALB, which is not the best practice for this scenario.
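The following is an added example, not part of the question source, showing what option A looks like in practice: a rate-based rule in a REGIONAL web ACL (the scope an ALB requires), associated with the load balancer rather than with any security group. It assumes AWS CLI v2 with credentials configured; the ALB ARN, the web ACL name and the limit of 2000 are placeholders.

```shell
#!/bin/sh
# Added example (not from the question source): define an AWS WAF v2
# rate-based rule and attach it to an ALB. Assumes AWS CLI v2 is
# configured; the ALB ARN and names below are placeholders.
set -eu

# Emit the rule JSON. LIMIT is the maximum number of requests from one
# client IP within the 5-minute evaluation window; an IP above the limit
# is blocked until its rate drops, so newly appearing attacker IPs are
# handled without any manual updates to IP lists.
rate_rule_json() {
  limit="$1"
  cat <<EOF
[
  {
    "Name": "rate-limit-per-ip",
    "Priority": 0,
    "Statement": {
      "RateBasedStatement": { "Limit": $limit, "AggregateKeyType": "IP" }
    },
    "Action": { "Block": {} },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "rate-limit-per-ip"
    }
  }
]
EOF
}

# Create a REGIONAL web ACL (required for an ALB) and associate it with
# the ALB. Not run at load time; call: deploy_rate_limit <alb-arn> 2000
deploy_rate_limit() {
  alb_arn="$1"; limit="${2:-2000}"
  rate_rule_json "$limit" > /tmp/rate-rule.json
  acl_arn=$(aws wafv2 create-web-acl \
    --name dos-protection --scope REGIONAL \
    --default-action Allow={} \
    --rules file:///tmp/rate-rule.json \
    --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=dos-protection \
    --query 'Summary.ARN' --output text)
  aws wafv2 associate-web-acl --web-acl-arn "$acl_arn" --resource-arn "$alb_arn"
  echo "$acl_arn"
}
```

The sampled requests and CloudWatch metrics enabled in VisibilityConfig let you confirm which IPs the rule is blocking and tune the limit if legitimate clients are caught.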