Q100 — AWS SCS-C02 Ch.1
A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator. A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application. Which solution will meet these requirements?
- A. Create an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string. Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.
- B. Modify the inbound security group on the ALB to deny traffic from the IP addresses that are involved in the attack.
- C. Create an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator. ✓
- D. Create an AWS WAF web ACL for the ALB. Create a custom rule that allows requests from legitimate user agent strings.
Correct Answer: C. Create an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.
Explanation
AWS WAF rules can filter requests on specific HTTP headers such as User-Agent. In this scenario the attack's distinguishing characteristic is a particular User-Agent string, so an AWS WAF custom rule that blocks that User-Agent intercepts the attack directly without affecting other legitimate requests. Option C applies AWS WAF's block action to a known malicious characteristic, with no dependence on IP lists or manual response, which meets the requirement to mitigate credential stuffing efficiently. Option A only raises an alarm and provides no active defense. Option B is unsuitable because the attack comes from many scattered IP addresses (and security groups only define allow rules, so they cannot express a deny). Option D's allow-list approach is likely too broad or too complex to maintain, since legitimate user agent strings vary widely. AWS security best practices recommend using AWS WAF to block attacks based on request characteristics.