SCS-C02 Question #188: Real Exam Question with Answer & Explanation

Question

A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator. A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application. Which solution will meet these requirements?

Options

• ACreate an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user
• BModify the inbound security group on the ALB to deny traffic from the IP addresses that are
• CCreate an AWS WAF web ACL for the ALB Create a custom rule that blocks requests that contain
• DCreate an AWS WAF web ACL for the ALB. Create a custom rule that allows requests from

Explanation

To mitigate a credential stuffing attack against a web-based application behind an Application Load Balancer (ALB), creating an AWS WAF web ACL with a custom rule to block requests containing the known malicious user agent string is an effective solution. This approach allows for precise targeting of the attack vector (the user agent string of the device emulator) without impacting legitimate users. AWS WAF provides the capability to inspect HTTP(S) requests and block those that match defined criteria, such as specific strings in the user agent header, thereby preventing malicious requests from reaching the application.

No community discussion yet for this question.