Which activity would be useful in defending against thi…

A benefits enrollment company is hosting a 3-tier web application running in a VPC on AWS
which includes a NAT (Network Address Translation) instance in the public Web tier. There is
enough provisioned capacity for the expected workload for the new fiscal year benefit enrollment
period plus some extra overhead. Enrollment proceeds nicely for a few days and then the web
tier becomes unresponsive. Upon investigation using CloudWatch and other monitoring tools, it is
discovered that there is an extremely large and unanticipated amount of inbound traffic coming
from a set of 15 specific IP addresses over port 80 from a country where the benefits company
has no customers. The web tier instances are so overloaded that benefit enrollment
administrators cannot even SSH into them.
Which activity would be useful in defending against this attack?

A.
Change the EIP (Elastic IP Address) of the NAT instance in the Web tier subnet and update the
Main Route Table with the new EIP

B.
Create 15 Security Group rules to block the attacking IP addresses over port 80

C.
Create a custom route table associated with the Web tier and block the attacking IP addresses
from the IGW (Internet Gateway)

D.
Create an inbound NACL (Network Access Control List) associated with the Web tier subnet with
deny rules to block the attacking IP addresses

Explanation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_NACLs.html


