AWS Certified SysOps Administrator – Associate (legacy) — Question 78

Malicious traffic is reaching company web servers. A SysOps Administrator is tasked with blocking this traffic. The malicious traffic is distributed over many IP addresses and represents much higher traffic than is typically seen from legitimate users.
How should the Administrator protect the web servers?

Answer options

• A. Create a security group for the web servers and add deny rules for malicious sources.
• B. Set the network access control list for the web servers' subnet and add deny entries.
• C. Place web servers behind AWS WAF and establish the rate limit to create a blacklist.
• D. Use Amazon CloudFront to cache all pages and remove the traffic from the web servers.

Correct answer: C

Explanation

The correct answer is C because AWS WAF allows for advanced traffic filtering and rate limiting, which is essential for mitigating distributed malicious traffic. Option A and B are not effective as security groups and network ACLs do not handle dynamic and high-volume malicious traffic well. Option D can help with performance but does not specifically address the need to block the malicious traffic effectively.