AWS Certified SysOps Administrator SOA-C01 – Question588

Malicious traffic is reaching company web servers. A SysOps Administrator is tasked with blocking this traffic. The malicious traffic is distributed over many IP addresses and represents much higher traffic than is typically seen from legitimate users.
How should the Administrator protect the web servers?

A.
Create a security group for the web servers and add deny rules for malicious sources.
B. Set the network access control list for the web servers’ subnet and add deny entries.
C. Place web servers behind AWS WAF and establish the rate limit to create a blacklist.
D. Use Amazon CloudFront to cache all pages and remove the traffic from the web servers.