
SOA-C02 Exam - Question 360


A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.

Which solution will meet this requirement?

Correct Answer: D

AWS WAF (Web Application Firewall) is the most appropriate way to block a specific IP address. Adding the malicious IP address to an IP set in AWS WAF, creating a web ACL, and including an IP set rule with the action set to BLOCK prevents traffic from that IP address from reaching the Application Load Balancer (ALB). AWS WAF is designed to manage and block specific types of traffic based on rules, including rules that match IP addresses, which makes it well suited to this scenario.
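The steps in the explanation above, written out as an added example that is not part of the original page: it builds the AWS WAFv2 requests for the IP set and the web ACL, then associates the web ACL with the ALB. The function names, resource names and the address 192.0.2.44 are constructed for illustration, and `wafv2` is assumed to be a `boto3.client("wafv2")` passed in by the caller.

```python
import ipaddress

def to_cidr(ip):
    """WAF IP sets take CIDR strings: a single host is /32 (IPv4) or /128 (IPv6)."""
    # Strict parsing rejects input such as "192.0.2.44/24", which would
    # otherwise widen the block from one host to a whole network.
    net = ipaddress.ip_network(ip)
    return str(net), f"IPV{net.version}"

def ip_set_request(name, ip):
    cidr, version = to_cidr(ip)
    return {"Name": name,
            "Scope": "REGIONAL",           # REGIONAL is the scope used for an ALB
            "IPAddressVersion": version,   # must match the address family
            "Addresses": [cidr]}

def visibility(metric):
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric}

def web_acl_request(name, ip_set_arn):
    rule = {"Name": f"{name}-rule",
            "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Block": {}},
            "VisibilityConfig": visibility(f"{name}-rule")}
    return {"Name": name,
            "Scope": "REGIONAL",
            # Default action Allow: only requests matching the IP set are
            # blocked, all other traffic still reaches the application.
            "DefaultAction": {"Allow": {}},
            "Rules": [rule],
            "VisibilityConfig": visibility(name)}

def block_ip_on_alb(wafv2, ip, alb_arn, name="block-malicious-ip"):
    """Create the IP set and web ACL, then attach the web ACL to the ALB."""
    ip_set = wafv2.create_ip_set(**ip_set_request(f"{name}-set", ip))
    acl = wafv2.create_web_acl(**web_acl_request(name, ip_set["Summary"]["ARN"]))
    acl_arn = acl["Summary"]["ARN"]
    wafv2.associate_web_acl(WebACLArn=acl_arn, ResourceArn=alb_arn)
    return acl_arn
```

A newly created web ACL can take a short time to propagate, so a real run may need to retry `associate_web_acl` if it raises `WAFUnavailableEntityException`.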

Discussion

7 comments
rdiaz (Option: D)
Jun 26, 2023

D: WAF. “A” cannot be correct because security groups do not have deny rules.

Warza (Option: D)
Jun 27, 2023

D. meets ALL requirements for the question

[Removed]
Jul 10, 2023

D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

Pete987 (Option: D)
Jun 30, 2023

S: WAF for blocking IP address

jas26says (Option: A)
Jun 24, 2023

Ans is A

jas26says
Jul 6, 2023

Sorry, it's D

Zotarix
Jul 23, 2023

Security Groups only allow traffic to your resources; you can't block traffic using Security Groups. https://docs.aws.amazon.com/vpc/latest/userguide/security-groups.html

joshnort (Option: D)
Apr 5, 2024

D: Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
AWS Web Application Firewall (WAF) allows you to create rules to control which traffic is allowed or blocked to your web applications. By creating an IP set containing the malicious IP address and associating it with a web ACL with a BLOCK action, you effectively block the IP address from reaching the ALB. https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
(A) is wrong because Security Groups don't have Deny Rules.

james2033 (Option: D)
Jul 5, 2024

a single malicious public IP address --> AWS WAF (Web Application Firewall) --> D.