There are currently multiple applications hosted in a VPC. During monitoring, it has been noticed that multiple port scans are coming in from specific IP addresses on the internet. The internal security team has requested that all offending IP Addresses be denied for the next 24 hours. Which of the following can be used to deny access from the specific IP addresses?

Answer options:

A.Add a blacklist of IP addresses in the Elastic Load Balancer.
B.Modify the web ACL to deny the incoming requests from the IP addresses.
C.Add a rule to all of the VPC Security Groups to deny access from the IP Address block.
D.Add a blacklist of IP addresses in Route 53 to block the traffic.

Answer – B
Option A is incorrect because you cannot perform such an operation in ELB.Option B is CORRECT because you can modify the web ACL to block requests from the IP addresses.
Option C is incorrect because Security Groups cannot be configured to block traffic from IP addresses. Only "Allow" can be configured in Security Groups.
Option D is incorrect because you cannot block the traffic based on IP addresses in Route 53.
For more information on WAF, please visit the below URL:
https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html