A company website runs on Amazon EC2 instances behind an Application Load Balancer (ALB) . The instances run in an Auto Scaling group across multiple Availability Zones. There is an Amazon CloudFront distribution in front of the ALB. Users are reporting performance problems. A security engineer discovers that the website is receiving a high rate of unwanted requests to the CloudFront distribution originating from a series of source IP addresses. How should the security engineer address this problem?
A) Using AWS Shield, configure a deny rule with an IP match condition containing the source IPs of the unwanted requests.
B) Using Auto Scaling, configure the maximum an instance value to an increased count that will absorb the unwanted requests.
C) Using an Amazon VPC NACL, configure an inbound deny rule for each source IP CIDR address of the unwanted requests.
D) Using AWS WAF, configure a web ACL rate-based rule on the CloudFront distribution with a rate limit below that of the unwanted requests.
Correct Answer:
Verified
Q209: A company uses AWS Organization to manage
Q210: A company stores data on an Amazon
Q211: A security engineer is defining the controls
Q212: Amazon CloudWatch Logs agent is successfully delivering
Q213: A Security Administrator is restricting the capabilities
Q215: A company is running an application on
Q216: A company is collecting AWS CloudTrail log
Q217: The Development team receives an error message
Q218: A company has a web-based application using
Q219: A company is configuring three Amazon EC2
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents