A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?

A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.

B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.

C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.

D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.








 

Suggested Answer: D

Community Answer: C




This question is in ANS-C00 AWS Certified Advanced Networking – Specialty Exam
For getting AWS Certified Advanced Networking – Specialty Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.