SCS-C02 · Question #463
SCS-C02 Question #463: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #463. The question stem and answer options stay visible for context.
Question
A company has a new web-based account management system for an online game. Players create a unique username and password to log in to the system. The company has implemented an AWS WAF web ACL for the system. The web ACL includes the core rule set (CRS) AWS managed rule group on the Application Load Balancer that serves the system. The company's security team finds that the system was the target of a credential stuffing attack. Credentials that were exposed in other breaches were used to try to log in to the system. The security team must implement a solution to reduce the chance of a successful credential stuffing attack in the future. The solution also must minimize impact on legitimate users of the system. Which combination of actions will meet these requirements? (Choose two.)
Options
- ACreate an Amazon CloudWatch custom metric to analyze the number of successful login
- BAdd the account takeover prevention (ATP) AWS managed rule group to the web ACL.
- CConfigure a default web ACL action that requires all users to solve a CAPTCHA puzzle when they
- DImplement IP-based match rules in the web ACL for any IP addresses that generate many
- ECreate a custom block response that redirects users to a secure workflow to reset their password
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.