Which of the following can be used to protect against these requests?

Your company has the following setup in AWS

a. A set of EC2 Instances hosting a web application

b. An application load balancer placed in front of the EC2 Instances

There seems to be a set of malicious requests coming from a set of IP addresses.

Which of the following can be used to protect against these requests?
A . Use Security Groups to block the IP addresses
B . Use VPC Flow Logs to block the IP addresses
C . Use AWS inspector to block the IP addresses
D . Use AWS WAF to block the IP addresses

View Answer

Answer: D

Explanation:

Your answer is incorrect

Answer -D

The AWS Documentation mentions the following on AWS WAF which can be used to protect Application Load Balancers and Cloud front

A web access control list (web ACL) gives you fine-grained control over the web requests that your Amazon CloudFront distributions or Application Load Balancers respond to. You can allow or block the following types of requests:

Originate from an IP address or a range of IP addresses Originate from a specific country or countries

Contain a specified string or match a regular expression (regex) pattern in a particular part of requests

Exceed a specified length

Appear to contain malicious SQL code (known as SQL injection)

Appear to contain malicious scripts (known as cross-site scripting)

Option A is invalid because by default Security Groups have the Deny policy

Options B and C are invalid because these services cannot be used to block IP addresses

For information on AWS WAF, please visit the below URL: https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html

The correct answer is: Use AWS WAF to block the IP addresses Submit your Feedback/Queries to our Experts