AWS Certified SysOps Administrator – Associate (legacy) — Question 24

Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?

Answer options

• A. Edit the security group for the web servers and add a deny entry for the IP address
• B. Edit the network access control list for the web server subnet and add a deny entry for the IP address
• C. Edit the VPC route table to route the malicious IP address to a black hole
• D. Use Amazon CloudFront's geo restriction feature to block traffic from the IP address

Correct answer: D

Explanation

The correct answer is D because Amazon CloudFront offers geo restriction capabilities that can effectively block traffic based on geographic location. The other options, while they may restrict access, do not specifically target the geographic origin of the traffic as effectively as CloudFront's feature does.