A company website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. There is an Amazon CloudFront distribution in front of the ALB. Users are reporting performance problems. A security engineer discovers that the website is receiving a high rate of unwanted requests to the CloudFront distribution originating from a series of source IP addresses.
How should the security engineer address this problem?
A. Using AWS Shield, configure a deny rule with an IP match condition containing the source IPs of the unwanted requests.
B. Using Auto Scaling, configure the maximum an instance value to an increased count that will absorb the unwanted requests.
C. Using an Amazon VPC NACL, configure an inbound deny rule for each source IP CIDR address of the unwanted requests.
D. Using AWS WAF, configure a web ACL rate-based rule on the CloudFront distribution with a rate limit below that of the unwanted requests.
