A company has implemented AWS WAF and Amazon CloudFront for an application. The application runs on Amazon EC2 instances that are part of an Auto Scaling group. The Auto Scaling group is behind an Application Load Balancer (ALB) . The AWS WAF web ACL uses an AWS Managed Rules rule group and is associated with the CloudFront distribution. CloudFront receives the request from AWS WAF and the uses the ALB as the distribution's origin. During a security review, a security engineer discovers that the infrastructure is susceptible to a large, layer 7 DDoS attack. How can the security engineer improve the security at the edge of the solution to defend against this type of attack?
A) Configure the CloudFront distribution to use the Lambda@Edge feature. Create an AWS Lambda function that imposes a rate limit on CloudFront viewer requests. Block the request if the rate limit is exceeded.
B) Configure the AWS WAF web ACL so that the web ACL has more capacity units to process all AWS WAF rules faster.
C) Configure AWS WAF with a rate-based rule that imposes a rate limit that automatically blocks requests when the rate limit is exceeded.
D) Configure the CloudFront distribution to use AWS WAF as its origin instead of the ALB.
Correct Answer:
Verified
Q285: A company stores images for a website
Q286: A development team is using an AWS
Q287: A company deployed an Amazon EC2 instance
Q288: A company is using AWS Organizations to
Q289: Example.com is hosted on Amazon EC2 instance
Q290: Unapproved changes were previously made to a
Q292: Amazon GuardDuty has detected communications to a
Q293: A company uses Amazon RDS for MySQL
Q294: A company has an application that uses
Q295: A developer is building a serverless application
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents