Exam ANS-C00 topic 1 question 109 discussion

Exam question from Amazon's ANS-C00
Question #: 109
Topic #: 1

A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?

  • A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
  • B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
  • C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
  • D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.
Suggested Answer: D

Comments

adrianlee2593
Highly Voted 3 years, 8 months ago
C. Subnets can only be associated with one NACL
upvoted 23 times
...
CCNPWILL
Most Recent 2 years, 8 months ago
Selected Answer: C
C no brainer.
upvoted 1 times
...
clooudy
3 years ago
Selected Answer: C
Answer:C
upvoted 1 times
...
sapien45
3 years, 2 months ago
malicious IPs=AWS WAF. c
upvoted 1 times
...
kopper2019
3 years, 3 months ago
C all the way WAF is the way to go
upvoted 1 times
...
ChauPhan
3 years, 7 months ago
C. D is not possible. You can associate a network ACL with multiple subnets. However, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.
upvoted 1 times
...
yijetef290
3 years, 8 months ago
C C C C C C C
upvoted 2 times
...
TigerDrev
3 years, 8 months ago
Can't be B since you can't block in a Security Group. Can't be D because of the previous comment. A may work, but I think C is probably better
upvoted 1 times
...
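
What option C describes, sketched as an added example that is not part of the original question or any comment: the Lambda function keeps an AWS WAF IP set in step with the blocks that are still inside the 24-hour window. It assumes the function already has a map of IP address to block time from its own state store; `FakeWafv2`, the set name and ID, and the sample addresses are constructed stand-ins, and a real handler would pass `boto3.client("wafv2")` instead.

```python
import ipaddress
import time

BLOCK_SECONDS = 24 * 60 * 60  # block window stated in the question

def active_cidrs(blocked_at, now, version):
    """Host CIDRs (/32 or /128) of one IP version still inside the window."""
    cidrs = []
    for ip, ts in blocked_at.items():
        addr = ipaddress.ip_address(ip)  # ValueError on malformed input
        if addr.version == version and now - ts < BLOCK_SECONDS:
            cidrs.append(f"{addr}/{addr.max_prefixlen}")
    return sorted(cidrs)

def sync_ip_set(wafv2, name, ip_set_id, blocked_at, now=None, scope="REGIONAL"):
    """Make the WAF IP set match the unexpired blocks; returns the list wanted."""
    now = time.time() if now is None else now
    current = wafv2.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    # An IP set holds one address family, so filter on the set's own version.
    version = 4 if current["IPSet"]["IPAddressVersion"] == "IPV4" else 6
    wanted = active_cidrs(blocked_at, now, version)
    if sorted(current["IPSet"]["Addresses"]) != wanted:
        # update_ip_set replaces the whole list; LockToken guards against a
        # concurrent writer having changed the set since get_ip_set.
        wafv2.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                            Addresses=wanted, LockToken=current["LockToken"])
    return wanted

class FakeWafv2:
    """Constructed in-memory stand-in for boto3.client('wafv2'), for offline runs."""
    def __init__(self, addresses):
        self.addresses, self.token, self.writes = list(addresses), 0, 0

    def get_ip_set(self, Name, Scope, Id):
        return {"IPSet": {"IPAddressVersion": "IPV4",
                          "Addresses": list(self.addresses)},
                "LockToken": str(self.token)}

    def update_ip_set(self, Name, Scope, Id, Addresses, LockToken):
        if LockToken != str(self.token):
            raise RuntimeError("stale LockToken")
        self.addresses, self.token = list(Addresses), self.token + 1
        self.writes += 1

def demo():
    now = 1_700_000_000  # constructed timestamps, documentation-range addresses
    blocked_at = {"203.0.113.7": now - 3600,    # 1 hour old: still blocked
                  "198.51.100.9": now - 90000,  # 25 hours old: expired
                  "2001:db8::1": now - 60}      # IPv6: not for an IPV4 set
    waf = FakeWafv2(["198.51.100.9/32"])
    return sync_ip_set(waf, "blocked-ips", "example-id", blocked_at, now), waf
```

Running the sync on a schedule as well as on each new detection is what expires old entries, since the IP set itself stores no timestamps.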