AWS Certified SysOps Administrator SOA-C01 – Question770

A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses.
Which action should be taken to block this traffic?

A.
Use Amazon CloudFront to cache the traffic and block access to the web servers
B. Use Amazon GuardDuty to protect the web servers from bots and scrapers
C. Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups
D. Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

Correct Answer: D

Explanation:

Explanation: AWS WAF has rules that can protect web applications from HTTP flood attacks.