Amazon Exam SCS-C02 Topic 8 Question 17 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 17
Topic #: 8

A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator.

A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application.

Which solution will meet these requirements?

ACreate an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string. Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.

BModify the inbound security group on the ALB to deny traffic from the IP addresses that are involved in the attack.

CCreate an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.

DCreate an AWS WAF web ACL for the ALB Create a custom rule that allows requests from legitimate user agent strings

Show Suggested Answer

Suggested Answer: C

To mitigate a credential stuffing attack against a web-based application behind an Application Load Balancer (ALB), creating an AWS WAF web ACL with a custom rule to block requests containing the known malicious user agent string is an effective solution. This approach allows for precise targeting of the attack vector (the user agent string of the device emulator) without impacting legitimate users. AWS WAF provides the capability to inspect HTTP(S) requests and block those that match defined criteria, such as specific strings in the user agent header, thereby preventing malicious requests from reaching the application.

by Katina at May 02, 2024, 10:25 PM

Limited Time Offer

25%

6 months ago

This question seems challenging, any thoughts?

upvoted 0 times

...