A benefits enrollment company is hosting a 3-tier web application running in a VPC on AWS which includes a
NAT (Network Address Translation) instance in the public Web tier. There is enough provisioned capacity for
the expected workload for the new fiscal year benefit enrollment period plus some extra overhead. Enrollment
proceeds nicely for two days and then the web tier becomes unresponsive. Upon investigation using
CloudWatch and other monitoring tools it is discovered that there is an extremely large and unanticipated
amount of inbound traffic coming from a set of 15 specific IP addresses over port 80 from a country where the
benefits company has no customers. The web tier instances are so overloaded that benefit enrollment
administrators cannot even SSH into them. Which activity would be useful in defending against this attack?
A. Create a custom route table associated with the web tier and block the attacking IP addresses from the IGW (Internet Gateway)
B. Change the EIP (Elastic IP Address) of the NAT instance in the web tier subnet and update the Main Route Table with the new EIP
C. Create 15 Security Group rules to block the attacking IP addresses over port 80
D. Create an inbound NACL (Network Access Control List) associated with the web tier subnet with deny rules to block the attacking IP addresses
Hi,
I would go for answer D
See also: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_NACLs.html
Any thoughts on this are welcome.
Regards,
Frank
Agree with Frank. D would be more appropriate.
I am not convinced about those answers A and D, since we may not deny any incoming traffic by 15 specific IP addresses. But we can specify the CIDR block in both NACL and route table.
I think only B is correct here.
Not correct because it won’t make any difference as it is not about the NAT EIPs. The web URL is there anyway so they can obtain the new addresses and still do their thing. It is about blocking the IPs.
It is D.
A doesn't make sense.
B: NAT is for outbound traffic and not inbound (in fact its purpose is to allow outbound traffic for private instances while at the same time blocking any inbound traffic).
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
C is wrong: there are no deny rules (only allow) in Security Groups.
D is the easiest solution with the quickest resolution time.
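To illustrate why D works and C cannot, here is an added example (not code from any poster or from AWS): a small Python model of inbound NACL evaluation, plus the equivalent `aws ec2 create-network-acl-entry` commands. The 15 attacker addresses, the ACL id `acl-PLACEHOLDER` and the rule numbers are constructed assumptions; the scenario on the page does not give them.

```python
import ipaddress

# Constructed sample data: placeholders from the RFC 5737 documentation range
# standing in for the 15 attacking addresses from the scenario.
ATTACKERS = [f"203.0.113.{i}" for i in range(1, 16)]

# A rule is (number, action, network, port_from, port_to); None ports mean "any".
def build_inbound_nacl(attackers, first_deny_rule=10, allow_rule=100):
    """Deny each attacker /32 on TCP/80, then allow everything else.
    NACL rules are evaluated in ascending rule-number order and the first
    match wins, so the denies must carry LOWER numbers than the allow."""
    rules = [(first_deny_rule + i, "deny", ipaddress.ip_network(f"{ip}/32"), 80, 80)
             for i, ip in enumerate(attackers)]
    rules.append((allow_rule, "allow", ipaddress.ip_network("0.0.0.0/0"), None, None))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, src_ip, dst_port):
    """Mimic NACL semantics: the lowest-numbered rule matching source address
    and port decides; if nothing matches, the implicit '*' rule denies.
    (A security group has no deny action at all, which is why option C fails.)"""
    addr = ipaddress.ip_address(src_ip)
    for _, action, net, lo, hi in sorted(rules, key=lambda r: r[0]):
        port_ok = lo is None or lo <= dst_port <= hi
        if addr in net and port_ok:
            return action
    return "deny"

def cli_commands(acl_id, rules):
    """Render the equivalent AWS CLI calls for an inbound (ingress) NACL."""
    cmds = []
    for num, action, net, lo, hi in rules:
        parts = ["aws ec2 create-network-acl-entry", f"--network-acl-id {acl_id}",
                 "--ingress", f"--rule-number {num}"]
        if lo is not None:
            parts += ["--protocol tcp", f"--port-range From={lo},To={hi}"]
        else:
            parts += ["--protocol -1"]          # -1 = all protocols
        parts += [f"--cidr-block {net}", f"--rule-action {action}"]
        cmds.append(" ".join(parts))
    return cmds

if __name__ == "__main__":
    nacl = build_inbound_nacl(ATTACKERS)
    print(evaluate(nacl, "203.0.113.7", 80))    # attacker on port 80 -> deny
    print(evaluate(nacl, "198.51.100.9", 80))   # legitimate client -> allow
    # Pitfall: numbering the denies above the allow rule makes them dead rules.
    print(evaluate(build_inbound_nacl(ATTACKERS, first_deny_rule=200), "203.0.113.7", 80))
    for cmd in cli_commands("acl-PLACEHOLDER", nacl)[:2]:
        print(cmd)
```

Keep the NACL quota in mind: by default a network ACL holds 20 rules per direction, so 15 /32 denies plus the rules already present may need a quota increase or aggregation into a CIDR block, as the comment above suggests.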
D
D is correct, you can block ingress traffic from specified IPs using network ACLs.
D
D
D is the only answer,
Security groups do not allow deny rules 🙂