What should a solutions architect do to protect the application?

Posted by: Pdfprep Category: SAA-C02

A company’s website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.

What should a solutions architect do to protect the application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address

Answer: B

Explanation:

Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-loadbalancers/

https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html

If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from. Later in the process, when you create a web ACL, you specify whether to allow or block requests from those IP addresses.

AWS Web Application Firewall (WAF) - Helps to protect your web applications from common application-layer exploits that can affect availability or consume excessive resources. As you can see in my post (New - AWS WAF), WAF allows you to use access control lists (ACLs), rules, and conditions that define acceptable or unacceptable requests or IP addresses. You can selectively allow or deny access to specific parts of your web application and you can also guard against various SQL injection attacks. We launched WAF with support for Amazon CloudFront

https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
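
The IP match condition from the explanation above, as an added example that is not part of the original post or of AWS's code: it turns addresses taken from a log review into the `Updates` list that the WAF Classic `UpdateIPSet` call expects. The function names are hypothetical, the sample addresses are constructed from documentation ranges, and the accepted prefix lengths are those of WAF Classic, an assumption taken from its documentation rather than from this page.

```python
import ipaddress

MAX_DESCRIPTORS = 10_000  # limit quoted in the explanation above
# Prefix lengths WAF Classic accepts in an IP set (assumption from its docs)
ALLOWED_PREFIXES = {4: {8, *range(16, 33)}, 6: {24, 32, 48, 56, 64, 128}}

def to_descriptor(entry):
    """Turn one address or CIDR string into an IPSetDescriptor dict."""
    net = ipaddress.ip_network(entry.strip(), strict=False)
    if net.prefixlen not in ALLOWED_PREFIXES[net.version]:
        raise ValueError(f"{net}: prefix /{net.prefixlen} not accepted")
    # A bare address becomes /32 (IPv4) or /128 (IPv6); uncompressed text form
    return {"Type": f"IPV{net.version}", "Value": net.exploded}

def build_ipset_updates(entries, existing=()):
    """Build the Updates list for UpdateIPSet.

    entries:  addresses or CIDRs from the log review (strings)
    existing: CIDR values already present in the IP set
    Returns (updates, rejected); rejected maps each bad input to a reason.
    """
    seen = {ipaddress.ip_network(e, strict=False).exploded for e in existing}
    updates, rejected = [], {}
    for entry in entries:
        try:
            desc = to_descriptor(entry)
        except ValueError as exc:  # unparsable input or unsupported prefix
            rejected[entry] = str(exc)
            continue
        if desc["Value"] in seen:  # already blocked, nothing to insert
            continue
        seen.add(desc["Value"])
        updates.append({"Action": "INSERT", "IPSetDescriptor": desc})
    if len(seen) > MAX_DESCRIPTORS:
        raise ValueError("IP set would exceed 10,000 entries")
    return updates, rejected

if __name__ == "__main__":
    # Constructed sample input (documentation ranges, not real indicators)
    sample = ["203.0.113.25", "198.51.100.0/24", "203.0.113.25/32",
              "10.0.0.0/12", "2001:db8::1", "not-an-ip"]
    updates, rejected = build_ipset_updates(sample)
    for update in updates:
        print(update)
    print("rejected:", rejected)
```

The resulting list is what gets passed as `Updates` to `UpdateIPSet`; the IP set then has to be referenced by a rule with a block action in the web ACL attached to the CloudFront distribution.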
