New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 8 Question 17 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 17
Topic #: 8
[All SCS-C02 Questions]

A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator.

A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

To mitigate a credential stuffing attack against a web-based application behind an Application Load Balancer (ALB), creating an AWS WAF web ACL with a custom rule to block requests containing the known malicious user agent string is an effective solution. This approach allows for precise targeting of the attack vector (the user agent string of the device emulator) without impacting legitimate users. AWS WAF provides the capability to inspect HTTP(S) requests and block those that match defined criteria, such as specific strings in the user agent header, thereby preventing malicious requests from reaching the application.


by Katina at May 02, 2024, 10:25 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Fabiola
3 months ago
Not sure if just blocking user agents is enough, though.
upvoted 0 times
...
Kassandra
3 months ago
Definitely need to use WAF for this kind of attack!
upvoted 0 times
...
Glynda
3 months ago
Wait, can we really block all those IPs effectively?
upvoted 0 times
...
Rashida
4 months ago
I disagree, modifying the security group could work too.
upvoted 0 times
...
Frederica
4 months ago
Option C seems like the best choice to block those emulators.
upvoted 0 times
...
Holley
4 months ago
I feel like option D could work too, but it might be tricky to define all legitimate user agents. I’m leaning towards option C for its specificity.
upvoted 0 times
...
Cristal
4 months ago
I practiced a similar question where we had to block specific user agents. I think option C is the best because it targets the attack without affecting legitimate users.
upvoted 0 times
...
Rebbeca
4 months ago
I'm not entirely sure, but I think modifying the security group in option B might not be effective since the attack is coming from many different IPs.
upvoted 0 times
...
Krissy
5 months ago
I remember studying about AWS WAF and how it can help mitigate attacks like this. Option C seems like a solid choice since it directly addresses the user agent string.
upvoted 0 times
...
Peter
5 months ago
I'm a little unsure about the different AWS services mentioned. I'll need to review the details of each option to make sure I understand how they work and which one best meets the requirements.
upvoted 0 times
...
Frank
5 months ago
I'm feeling pretty confident about this one. The user agent string is a clear indicator of the attack, so creating a custom AWS WAF rule to block that seems like the most targeted and effective solution.
upvoted 0 times
...
Laurel
5 months ago
Okay, I think I've got this. The key is to find a solution that can block the credential stuffing attack without impacting legitimate logins. Option C seems like the best approach to me.
upvoted 0 times
...
Stephaine
5 months ago
This looks like a tricky one. I'll need to carefully consider the requirements and the different options to find the best solution.
upvoted 0 times
...
Britt
5 months ago
Hmm, I'm a bit confused by the options. I'll need to re-read the question and think through the pros and cons of each approach.
upvoted 0 times
...
Mitsue
5 months ago
Okay, the CIM is all about standardizing data across Splunk, so I'm pretty sure the answer is A. Normalizing data seems like the key function here.
upvoted 0 times
...
Fletcher
5 months ago
Simulation seems like it could be used for weather forecasting, but I'm not 100% confident. I'll mark that one for now and come back to it.
upvoted 0 times
...
Darrin
2 years ago
True, but the question says the attack uses a known mobile emulator. C makes sense then.
upvoted 0 times
...
Francesco
2 years ago
But won't C block all traffic from that user agent, even if it's legitimate?
upvoted 0 times
...
Dustin
2 years ago
Blocking the specific user agent string with AWS WAF seems more targeted.
upvoted 0 times
...
Felix
2 years ago
Why C? I think D could also work.
upvoted 0 times
...
Dustin
2 years ago
Yeah, it’s tricky. I'm leaning towards option C.
upvoted 0 times
...
Darrin
2 years ago
This question seems challenging, any thoughts?
upvoted 0 times
...

Save Cancel