A company is designing a web application that will be hosted on AWS. The application will use an Application Load Balancer (ALB) and Amazon EC2 instances in an Auto Scaling group. The company wants to protect the application from SQL injection and cross-site scripting (XSS) attacks. <br/><br/>Which TWO actions should a solutions architect take to meet these requirements? (Select TWO.)

Answer options:

A.

Create an AWS WAF web ACL with managed rule groups for SQL injection and XSS.

B.

Configure Amazon GuardDuty to monitor the ALB for malicious traffic.

C.

Associate the AWS WAF web ACL with the ALB.

D.

Associate the AWS WAF web ACL with the EC2 instances.

E.

Enable AWS Shield Advanced on the EC2 instances.

How to approach this question

Identify the service that protects against Layer 7 attacks (WAF) and where it can be attached (ALB).

Full Answer

AWS WAF is a web application firewall that helps protect web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. It can be deployed on Application Load Balancers, Amazon CloudFront, and Amazon API Gateway.

Common mistakes

Thinking WAF can be attached directly to EC2 instances or confusing WAF with Shield.

Question 02 All questions Question 04

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...Easy Q04A company is building a mobile app that requires users to authenticate using their social media a...Hard Q05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium Q06A company requires that all data stored in Amazon S3 must be encrypted at rest using keys managed...Easy

View all 65 questions →