Free AWS SAP-C02 Actual Exam Questions - Question 7 Discussion

Maybe D could work since it blocks known bad IPs outright, but given the IPs change weekly, it might need constant updates which isn’t very operationally efficient. That makes B more attractive since rate-based rules automatically handle traffic spikes without manual intervention. Still, if the question emphasizes preventing overload with minimal ops work, B feels like the better fit because you don’t have to manage changing IP lists all the time.

B seems best since it auto-blocks based on traffic rate, no manual IP updates needed.

Option B handles dynamic IPs best without constant manual updates.

I agree that managing IP lists weekly would be a pain, so options A, C, and D seem less practical. The rate-based rule in B makes setting automatic limits on bad traffic straightforward without constant updates. It’s a cleaner way to handle the spikes and doesn’t rely on static IP blocking, which wouldn’t keep up with changing attacker IPs. B feels like the best fit for operational ease and adaptability here.

Probably B makes the most sense since the IP addresses change every week, so manually updating IP sets or security groups (like in A, C, or D) seems like a lot of overhead. Using a rate-based rule in WAF automatically blocks clients exceeding the threshold, so it handles new IPs dynamically without manual updates. Plus, it's directly integrated with the ALB, so it should efficiently stop the flood of failed attempts without blocking legit traffic.

Maybe B makes the most sense here with rate limiting to block excessive tries without manually updating IP lists. Sounds simpler and more efficient than managing security groups each week.