A hugely popular video-sharing application is deployed on multiple EC2 instances in different AZs.
Amazon CloudFront is configured to provide minimum latency to global users accessing this web application.
Due to recent geopolitical tension, Security Team needs to provide the least preference for users accessing web applications from a list of countries sanctioned by law enforcement bodies.
There should not be any impact for users in other countries accessing this application.
Which of the following can be configured to meet this requirement with the least effort?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - A.
AWS WAF can be used with Amazon CloudFront to protect web applications from common attacks.
With AWS WAF, the following conditions can be used to deny traffic to web applications,
· Cross-Site Scripting.
· IP Address.
· Length of request.
· SQL injection.
· Geographic Match.
· String Match.
Also, AWS WAF provides rate limiting rules which consider the number of requests for match condition in 5 min interval.
In the above case, since the customer wants to provide the least preference for users from the list of countries, the Geographical match rule along with the Rate limiting rule can be implemented on AWS WAF.Option B is incorrect as using an IP address with AWS WAF will deny all user requests from a geographic location.
Option C is incorrect as Using an IP address will accurately block a request from a geographic location.
Option D is incorrect as string match will not be able to provide preference to users based upon geographic location.
For more information on using AWS WAF with Amazon CloudFront, refer to the following URLs.
https://aws.amazon.com/blogs/security/how-to-use-aws-waf-to-filter-incoming-traffic-from-embargoed-countries/ https://aws.amazon.com/about-aws/whats-new/2017/10/aws-waf-now-supports-geographic-match/The correct answer is A. Use AWS WAF Geographic Match & rate limiting match rules with Amazon CloudFront to provide the least preference to users from this list of countries while accessing the application.
Explanation:
To provide the least preference to users accessing the web application from a list of countries sanctioned by law enforcement bodies, we can use AWS WAF (Web Application Firewall) with Amazon CloudFront. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
CloudFront is a content delivery network (CDN) that can be used to distribute content to users with low latency and high data transfer speeds. By using CloudFront, we can improve the performance and security of the web application.
To implement the requirement, we can use the AWS WAF geographic match and rate limiting match rules to restrict access to users from the sanctioned countries. With the geographic match rule, we can block requests from specific geographic locations such as the sanctioned countries. With the rate limiting match rule, we can limit the number of requests from a particular IP address or a specific geographic location.
Option B is incorrect because blocking requests based on IP address match rules can cause false positives, as IP addresses can be easily spoofed or changed. Also, blocking requests based on IP address can have unintended consequences such as blocking legitimate traffic.
Option C is incorrect because using IP address and rate limiting match rules can result in false positives and can be easily bypassed by attackers using a distributed denial-of-service (DDoS) attack.
Option D is incorrect because using string match rules is not appropriate for blocking requests based on the country of origin. String matching is useful for detecting specific patterns in a request, but not for identifying the geographic location of the user.
In summary, to meet the requirement with the least effort, we can use AWS WAF geographic match and rate limiting match rules with Amazon CloudFront to provide the least preference to users from the list of sanctioned countries while not impacting users from other countries.