AWS Certified SysOps Administrator Associate: Secure Your Web Applications with AWS WAF by Blocking Malicious Traffic Effectively

Learn how to leverage AWS Web Application Firewall (WAF) to protect your web applications hosted on EC2 instances behind an Application Load Balancer from malicious traffic, by effectively blocking suspicious IP addresses.

Question

A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.

Which solution will meet this requirement?

A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
C. Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

Answer

D. Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

Explanation

AWS Web Application Firewall (WAF) is a service designed to protect web applications from common web exploits and malicious traffic. It allows you to define customizable web security rules to filter and block traffic based on various conditions, including IP addresses.

To block the malicious public IP address from accessing the web application, the following steps should be taken:

  1. Create an IP set in AWS WAF and add the suspicious IP address to the set.
  2. Create a new web Access Control List (ACL) or update an existing one.
  3. In the web ACL, create a rule that uses the IP set you created, and set the action to BLOCK.
  4. Associate the web ACL with the Application Load Balancer (ALB) in front of the EC2 instances.

By following this approach, AWS WAF will inspect all incoming traffic to the ALB and block any requests originating from the specified malicious IP address, effectively preventing the malicious traffic from reaching the web application.
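The four steps above, as an added example that is not part of the original page: a Python function that drives them through the boto3 WAFv2 client operations `create_ip_set`, `create_web_acl` and `associate_web_acl`. The names `blocked-ips` and `DryRunClient`, the address 203.0.113.7 and the ARNs are constructed for illustration, and the stub client lets the script run offline.

```python
import ipaddress


def to_waf_cidr(addr):
    """WAF IP sets take CIDR notation, so a single host becomes /32 (or /128)."""
    net = ipaddress.ip_network(addr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("AWS WAF IP sets do not accept a /0 range")
    return str(net)


def block_ip_on_alb(wafv2, alb_arn, bad_ip, name="blocked-ips"):
    """Run steps 1-4 with a WAFv2 client, e.g. boto3.client('wafv2') in the ALB's Region."""
    cidr = to_waf_cidr(bad_ip)

    def vis(metric):  # WAFv2 requires a VisibilityConfig on the ACL and on each rule
        return {"SampledRequestsEnabled": True,
                "CloudWatchMetricsEnabled": True, "MetricName": metric}

    # Step 1: IP set. Scope is REGIONAL for an ALB (CLOUDFRONT is for CloudFront).
    ip_set = wafv2.create_ip_set(
        Name=name, Scope="REGIONAL", Addresses=[cidr],
        IPAddressVersion="IPV6" if ":" in cidr else "IPV4")["Summary"]
    # Steps 2-3: web ACL that allows by default and blocks matches on the IP set.
    rule = {"Name": name + "-rule", "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set["ARN"]}},
            "Action": {"Block": {}}, "VisibilityConfig": vis(name + "-rule")}
    acl = wafv2.create_web_acl(
        Name=name + "-acl", Scope="REGIONAL", DefaultAction={"Allow": {}},
        Rules=[rule], VisibilityConfig=vis(name + "-acl"))["Summary"]
    # Step 4: attach the web ACL to the load balancer.
    wafv2.associate_web_acl(WebACLArn=acl["ARN"], ResourceArn=alb_arn)
    return {"cidr": cidr, "ip_set_arn": ip_set["ARN"], "web_acl_arn": acl["ARN"]}


class DryRunClient:
    """Offline stand-in for the boto3 client: records calls, returns constructed ARNs."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, op):
        def call(**kwargs):
            self.calls.append((op, kwargs))
            return {"Summary": {"ARN": "arn:aws:wafv2:example:" + op}}
        return call


if __name__ == "__main__":
    client = DryRunClient()  # replace with boto3.client("wafv2") to apply for real
    # Constructed sample values: documentation-range IP and a placeholder ALB ARN.
    print(block_ip_on_alb(client, "arn:aws:elasticloadbalancing:EXAMPLE", "203.0.113.7"))
    for op, kwargs in client.calls:
        print(op, kwargs)
```
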

Other options are not suitable or efficient for this specific requirement:

A. Using a security group rule would only block traffic at the instance level, not at the load balancer level.
B. Amazon Detective is a service for investigating potential security issues, not for blocking traffic.
C. AWS Resource Access Manager (RAM) is used for sharing resources across AWS accounts, not for traffic filtering or blocking.
