AWS Certified Security – Specialty — Question 256
A company is hosting a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application has become the target of a DoS attack. Application logging shows that requests are coming from a small number of client IP addresses, but the addresses change regularly.
The company needs to block the malicious traffic with a solution that requires the least amount of ongoing effort.
Which solution meets these requirements?
Answer options
- A. Create an AWS WAF rate-based rule, and attach it to the ALB.
- B. Update the security group that is attached to the ALB to block the attacking IP addresses.
- C. Update the ALB subnet's network ACL to block the attacking client IP addresses.
- D. Create an AWS WAF rate-based rule, and attach it to the security group of the EC2 instances.
Correct answer: A
Explanation
The correct answer is A because an AWS WAF rate-based rule counts requests per source IP over a trailing five-minute window and automatically blocks any address that exceeds the configured limit; when the attacker moves to a new address, that address is counted and blocked in the same way with no operator action. Options B and C require a manual update to the security group or network ACL for every change of attacking IP address, which means continuous ongoing effort. Option D ties the WAF rule to the EC2 instances' security groups rather than to the ALB; web ACLs are associated with supported resources such as an ALB, not with security groups, so that option is less effective in this scenario.
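As an added illustration (not part of the original question or of any AWS code), the following Python models how a rate-based rule tracks each client IP independently over a five-minute window, so an attacker that changes address simply starts a fresh counter and is blocked again once it passes the limit. The log lines, the limit of 100 and the request timings are constructed, and the model ignores WAF's real evaluation lag.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rate-based rules count requests per source IP over a trailing 5-minute window
# and block an IP while its count exceeds the rule's limit (assumed value here).
WINDOW = timedelta(minutes=5)
LIMIT = 100

def parse_line(line):
    """Extract timestamp and client IP from a simplified ALB access log line
    ('<timestamp> <client_ip:port> ...'); real ALB lines carry many more fields."""
    ts_str, client = line.split()[:2]
    return datetime.fromisoformat(ts_str.rstrip("Z")), client.rsplit(":", 1)[0]

class RateBasedRule:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # per-IP request timestamps inside the window

    def evaluate(self, ts, ip):
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window:   # drop requests that aged out of the window
            q.popleft()
        return "BLOCK" if len(q) > self.limit else "ALLOW"

def make_log(ip, start, count, spacing_s):
    """Constructed log lines: `count` requests from `ip`, `spacing_s` seconds apart."""
    return [f"{(start + timedelta(seconds=i * spacing_s)).isoformat()}Z {ip}:44321 GET /"
            for i in range(count)]

def simulate(lines, limit=LIMIT):
    """Replay log lines in time order; return {ip: (allowed, blocked)} counts."""
    rule, tally = RateBasedRule(limit), defaultdict(lambda: [0, 0])
    for ts, ip in sorted(parse_line(line) for line in lines):
        tally[ip][0 if rule.evaluate(ts, ip) == "ALLOW" else 1] += 1
    return {ip: tuple(counts) for ip, counts in tally.items()}

def demo_scenario():
    """Attacker sends 150 requests in a minute, switches address, repeats;
    one legitimate client sends 5 slow requests. All addresses are constructed."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    log = (make_log("203.0.113.10", t0, 150, 0.4)
           + make_log("203.0.113.77", t0 + timedelta(minutes=2), 150, 0.4)
           + make_log("198.51.100.5", t0, 5, 30))
    return simulate(log)

if __name__ == "__main__":
    for ip, (allowed, blocked) in demo_scenario().items():
        print(f"{ip:15} allowed={allowed:4} blocked={blocked:4}")
```

Both attacker addresses are blocked after their hundredth request while the legitimate client is never touched, which is the behaviour that makes option A low-effort compared with hand-edited IP lists.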