🔥 3-day streak
Professional Cloud Security Engineer21 / 152
Question 21 of 152

A retail company exposes a public web application through an external HTTP(S) load balancer. Recently, the application was targeted by SQL injection attempts and a volumetric flood of malicious requests from a handful of specific IP ranges. The security team wants to block the known bad IP ranges, mitigate common OWASP Top 10 attacks like SQL injection, and rate-limit abusive clients — all without modifying application code. Which approach should they implement?

Reviewed for accuracy · Report an issueNext question