Home › Forums › AWS › AWS Certified Solutions Architect Associate › Practice exam 1 Q30 answer
-
Practice exam 1 Q30 answer
-
Hi, I would like to be clarified about the answer of the Practice exam 1 Q30.
The answer is “Create a rate-based rule in AWS WAF and associate the web ACL to an Application Load Balancer”. From my understanding, the rate-based rule is suitable for controlling the request rate from a single IP address or a limited set of IP addresses. However, the question mentioned that the illegitimate requests are “from multiple systems with IP addresses that constantly change”. So I wonder if the answer actually satisfy the question’s requirement? Thanks. -
Hello CP9,
Setting an IP address to whitelist/blacklist in AWS WAF is optional. You can set and combine conditions other than IP matching, such as inspecting for a specific header value, query parameters, body, method, etc, in a request. Matching requests will count towards the rate-limit threshold that you configure. For example, in a typical DDoS attack it’s quite common for requests to exhibit similar access patterns. In such cases, AWS WAF can effectively block them even without knowing the specific IP addresses.
Let me know if this helps.
Regards,
Carlo @ Tutorials Dojo -
Hi Carlo,
Thank you for the clarification. It helped answer my question clearly 🙂
Log in to reply.