AWS Certified Security – Specialty — Question 296
A company is running a dynamic website by using an Application Load Balancer (ALB). A security engineer notices that bots from different IP addresses are using brute-force attacks to invoke a service endpoint frequently.
What is the FASTEST way to mitigate this problem?
Answer options
- A. Create an AWS Lambda function to process ALB logs. Block the bots’ IP addresses in the ALB’s security group.
- B. Create an AWS WAF web ACL for the ALB. Add a rate-based rule to the web ACL to block the bots.
- C. Create an ALB listener rule. Combine source-ip and path-pattern as the conditions to match bots. Specify a fixed-response action to return an HTTP 403 status.
- D. Create an AWS WAF web ACL for the ALB. Add a rate-based rule to a rule group to block the bots. Attach the rule to the web ACL.
Correct answer: D
Explanation
AWS WAF rate-based rules are the fastest and most efficient way to mitigate brute-force attacks from multiple IP addresses by automatically blocking clients that exceed a request threshold. Using a rule group to manage these rate-based rules and attaching it to the web ACL associated with the ALB represents the best practice for scalability and management. Other methods, such as parsing logs with AWS Lambda or manually configuring security groups and ALB listener rules, are too slow to deploy and cannot dynamically adapt to changing bot IP addresses.