Amazon Exam SCS-C02 Topic 7 Question 19 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 19
Topic #: 7

A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator.

A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application.

Which solution will meet these requirements?

ACreate an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string. Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.

BModify the inbound security group on the ALB to deny traffic from the IP addresses that are involved in the attack.

CCreate an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.

DCreate an AWS WAF web ACL for the ALB Create a custom rule that allows requests from legitimate user agent strings

Show Suggested Answer

Suggested Answer: C

To mitigate a credential stuffing attack against a web-based application behind an Application Load Balancer (ALB), creating an AWS WAF web ACL with a custom rule to block requests containing the known malicious user agent string is an effective solution. This approach allows for precise targeting of the attack vector (the user agent string of the device emulator) without impacting legitimate users. AWS WAF provides the capability to inspect HTTP(S) requests and block those that match defined criteria, such as specific strings in the user agent header, thereby preventing malicious requests from reaching the application.

by Jolene at May 19, 2024, 08:50 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Emile

5 months ago

Haha, I bet the attacker is using one of those fancy mobile device emulators that cost more than my whole computer!

upvoted 0 times

Tammi

4 months ago

C: Good idea. We can still allow legitimate logins while blocking the attack.

upvoted 0 times

...

Kanisha

5 months ago

B: I think we should create an AWS WAF web ACL with a custom rule to block requests with that user agent string.

upvoted 0 times

...

Yuriko

5 months ago

A: That's crazy! They must really want to get into the application.

upvoted 0 times

...

Lorriane

5 months ago

I'm not sure that creating a CloudWatch alarm is the best solution here. That would just alert you to the attack, but wouldn't actually do anything to stop it.

upvoted 0 times

...

William

5 months ago

I agree with Levi. C is the way to go here. Blocking the IP addresses might be a good temporary fix, but the attacker can easily change their IPs.

upvoted 0 times

Wendell

4 months ago

I think C is the best option too. It targets the specific user agent string used by the attacker.

upvoted 0 times

...

Diane

4 months ago

C) Create an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.

upvoted 0 times

...

Terrilyn

4 months ago

I agree, blocking the user agent string directly will be more effective in the long run.

upvoted 0 times

...

Fausto

5 months ago

C) I agree, blocking the user agent string directly is a more effective long-term solution.

upvoted 0 times

...

Josefa

5 months ago

A) Create an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string. Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.

upvoted 0 times

...

Carylon

5 months ago

I think C is the best option. Creating a custom rule to block requests with the user agent string seems like a solid solution.

upvoted 0 times

...

Dalene

5 months ago

C) Create an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.

upvoted 0 times

...

Levi

6 months ago

Option C seems like the most comprehensive solution. Blocking the specific user agent string while still allowing legitimate logins is a smart approach.

upvoted 0 times

Leigha

5 months ago

I agree, creating a custom rule in AWS WAF to block the requests with the user agent string of the device emulator is a good way to tackle the credential stuffing attack.

upvoted 0 times

...

Idella

5 months ago

Option C seems like the most comprehensive solution. Blocking the specific user agent string while still allowing legitimate logins is a smart approach.

upvoted 0 times

...