ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 777 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 777
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company maintains a restaurant review website. The website is a single-page application where files are stored in Amazon S3 and delivered using Amazon
CloudFront. The company receives several fake postings every day that are manually removed.
The security team has identified that most of the fake posts are from bots with IP addresses that have a bad reputation within the same global region. The team needs to create a solution to help restrict the bots from accessing the website.
Which strategy should a solutions architect use?

  • A. Use AWS Firewall Manager to control the CloudFront distribution security settings. Create a geographical block rule and associate it with Firewall Manager.
  • B. Associate an AWS WAF web ACL with the CloudFront distribution. Select the managed Amazon IP reputation rule group for the web ACL with a deny action.
  • C. Use AWS Firewall Manager to control the CloudFront distribution security settings. Select the managed Amazon IP reputation rule group and associate it with Firewall Manager with a deny action.
  • D. Associate an AWS WAF web ACL with the CloudFront distribution. Create a rule group for the web ACL with a geographical match statement with a deny action.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mate_kims at Aug. 20, 2021, 3:33 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rmukh
Highly Voted 3 years, 8 months ago
Answer is B
upvoted 12 times
sergioandreslq
3 years, 8 months ago
B: WAF with CloudFront using WebACL with Amazon IP reputation List which: IP reputation rule groups allow you to block requests based on their source. Choose one or more of these rule groups if you want to reduce your exposure to BOTS!!!! traffic or exploitation attempts
upvoted 6 times
...
...
evargasbrz
Most Recent 2 years, 5 months ago
Selected Answer: B
I'll go with B
upvoted 1 times
...
azure_kai
3 years, 1 month ago
Selected Answer: B
B https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html
upvoted 1 times
...
pititcu667
3 years, 3 months ago
Selected Answer: B
You really do not need the firewall manager. It makes no mention of multiple accounts, hence waf with reputation is good enough.
upvoted 2 times
...
HellGate
3 years, 4 months ago
my answer is C. I think WAF is good combination with CloudFront but WAF is best at blocking massive attacks like DDoS. Question is about blocking fraudulent postings, so AWS Firewall Manager can be proper choice over WAF.
upvoted 1 times
futen0326
3 years, 4 months ago
WAF = SQL Injections, Cross-Site Scripting, Geolocation Blocks, Rate Awareness AWS Shield = Provides AWS resources with DDoS protection
upvoted 1 times
...
...
AzureDP900
3 years, 6 months ago
B is right
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's B
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's B
upvoted 1 times
...
student22
3 years, 7 months ago
B The Amazon IP reputation list rule group contains rules that are based on Amazon internal threat intelligence. This is useful if you would like to block IP addresses typically associated with bots or other threats. Inspects for a list of IP addresses that have been identified as bots by Amazon threat intelligence.
upvoted 2 times
...
tgv
3 years, 7 months ago
BBB ---
upvoted 3 times
...
denccc
3 years, 7 months ago
It's B
upvoted 1 times
...
blackgamer
3 years, 7 months ago
IT is B.
upvoted 1 times
...
blackgamer
3 years, 8 months ago
It is B. IT Reputation rule.
upvoted 1 times
...
dotchi
3 years, 8 months ago
I will go with D. IP reputation comes from Threat intelligence, this is not mentioned as the source.
upvoted 1 times
blackgamer
3 years, 7 months ago
D is wrong, the IP coming from same region, only that those IPs are in bad reputation IP list.
upvoted 1 times
...
...
mericov
3 years, 8 months ago
I would say D - reason: "that have a bad reputation within the same global region"
upvoted 2 times
zolthar_z
3 years, 8 months ago
If You use Geo Match Will block the entire region. Even You can add whitelist... For this escenario is better answer B
upvoted 3 times
...
...
pkboy78
3 years, 8 months ago
yes I think it is B
upvoted 4 times
...
mate_kims
3 years, 8 months ago
my answer is B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel