Exam ANS-C00 topic 1 question 45 discussion

"C" is the correct answer

Correct AnswerB

C is right

random IPs, WAF then

C is right

C; is a feasible answer, he Ips are random so you can't use NACLs nor SGs.

The answer is C NACL cant be cant be an option here due to the fact that its current quota is 20 rules per NACL including implicit deny rule. However you can have 200 NACLs per VPC.

b is not an answer as there is a limit on the number of rules per ACL and we don't know if these ip's are even in the same range. C is the right answer 20/40 rules peR ACL https://www.totalcloud.io/blog/5-not-to-ignore-best-practices-for-aws-nacls-network-access-control-lists#:~:text=%E2%80%93%20There%20is%20a%20default%20limit,ACLs%20per%20VPC%20is%20200.

Ans is C "Random" IPs so you cannot scalably put rules in NACLs, also not best practice for AWS to have that large amount of NACLs. "AWS WAF, which functions like a typical web application firewall, but with the added reliability and scalability that comes with being an AWS-managed service."

C its correct!

It's C all day long https://aws.amazon.com/blogs/security/how-to-use-aws-waf-to-filter-incoming-traffic-from-embargoed-countries/ and https://docs.aws.amazon.com/waf/latest/developerguide/classic-tutorials-4xx-blocking.html

maximum 20 rules per NACL, I would go for C

It even says scalability,if we use nacl we need to just remove the add a default rule to deny everything.WAF would definetely help to scale

I think it's B.