Easy · 1 mark · Multiple Choice

AWS SAP-C02 · Question 23 · Domain 2.3: Security Controls

A company is hosting a public-facing web application on EC2 instances behind an Application Load Balancer. They want to protect the application from SQL injection, cross-site scripting (XSS), and volumetric DDoS attacks. Which combination of services provides the MOST comprehensive protection?

Answer options:

A. Amazon GuardDuty and AWS Network Firewall.

B. AWS WAF attached to the ALB, and AWS Shield Advanced.

C. Security groups on the EC2 instances and AWS Shield Standard.

D. AWS Certificate Manager (ACM) and Amazon Macie.

How to approach this question

Match Layer 7 threats (SQLi) to WAF, and DDoS threats to Shield Advanced.

Full Answer

B. AWS WAF attached to the ALB, and AWS Shield Advanced. ✓ Correct
AWS WAF protects web applications from common web exploits like SQL injection and XSS. AWS Shield Advanced provides expanded DDoS attack protection for web applications running on AWS.

Common mistakes

Thinking Network Firewall can inspect HTTP payloads for SQL injection as easily as WAF.
