AWS Certified Cloud Practitioner


A company notices suspicious network activity against an application that is running on a fleet of Amazon EC2 instances. The suspicious activity is coming from a single IP address.

Which AWS service should the company use to block access from this IP address?




Explanation:

AWS WAF (Web Application Firewall) is the correct choice among the given options because:

  • AWS WAF allows you to create rules to block specific IP addresses from accessing your web applications
  • It can be deployed on Amazon CloudFront distributions, Application Load Balancers (ALB), or API Gateway
  • If the EC2 instances are behind an ALB or CloudFront distribution, AWS WAF can effectively block the suspicious IP address

Why the other options are incorrect:

  • AWS Shield: This is a DDoS protection service that provides automatic protection against distributed denial-of-service attacks, but doesn't allow manual IP blocking
  • AWS Config: This is a compliance and configuration management service that helps track resource configurations, not for blocking network traffic
  • Amazon GuardDuty: This is a threat detection service that monitors for suspicious activity, but it doesn't directly block IP addresses; it generates findings that you need to act upon

Important Note: In real-world scenarios, for general EC2 instance traffic blocking (not just web traffic), Security Groups or Network ACLs would be more appropriate solutions. However, among the given options, AWS WAF is the most relevant service that can block specific IP addresses when properly configured.
