SCS-C03 Question #146: Real Exam Question with Answer & Explanation

The correct answer is A: Use AWS WAF to implement a rate-based rule for all incoming requests.

Submitted by naveen.iyer · Mar 6, 2026

Question

A company runs an application on a fleet of Amazon EC2 instances. The application is accessible to users around the world. The company associates an AWS WAF web ACL with an Application Load Balancer (ALB) that routes traffic to the EC2 instances. A security engineer is investigating a sudden increase in traffic to the application. The security engineer discovers a significant amount of potentially malicious requests coming from hundreds of IP addresses in two countries. The security engineer wants to quickly limit the potentially malicious requests but does not want to prevent legitimate users from accessing the application. Which solution will meet these requirements?

Options

  • A. Use AWS WAF to implement a rate-based rule for all incoming requests.
  • B. Use AWS WAF to implement a geographical match rule to block all incoming traffic from the two
  • C. Edit the ALB security group to include a geographical match rule to block all incoming traffic from
  • D. Add deny rules to the ALB security group that prohibit incoming requests from the IP addresses.

Explanation

AWS WAF rate-based rules are specifically designed to protect applications from traffic floods and distributed attacks that originate from large numbers of IP addresses. According to the AWS Certified Security - Specialty Official Study Guide, rate-based rules automatically track the number of requests coming from individual IP addresses and temporarily block IPs that exceed a defined threshold. In this scenario, the malicious traffic originates from hundreds of IP addresses across two countries, mixed with legitimate user traffic. A rate-based rule allows the security engineer to limit excessive request rates without fully blocking access from entire geographic regions, ensuring that legitimate users can still access the application.
