- All Exams Instant Download
What should a solutions architect do to protect the application?
A company’s website is used to sell products to the public The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) There is also an Amazon CloudFront distribution and AWS WAF is being used to protect against SQL injection attacks The ALB is the origin for the CloudFront distribution A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website
What should a solutions architect do to protect the application?
A . Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
B . Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
C . Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
D . Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
Answer: B
Explanation:
Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-loadbalancers/
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html
If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from. Later in the process, when you create a web ACL, you specify whether to allow or block requests from those IP addresses.
AWS Web Application Firewall (WAF) C Helps to protect your web applications from common application-layer exploits that can affect availability or consume excessive resources. As you can see in my post (New C AWS WAF), WAF allows you to use access control lists (ACLs), rules, and conditions that define acceptable or unacceptable requests or IP addresses. You can selectively allow or deny access to specific parts of your web application and you can also guard against various SQL injection attacks. We launched WAF with support for Amazon CloudFront
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html
https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
Latest SAA-C02 Dumps Valid Version with 230 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Subscribe
Login
0 Comments
