ExpertMedium1 markMultiple Choice
AWS SAP-C02 · Question 70 · Domain 1.2: Security Controls
An architect is designing a secure ingress architecture for a web application. They need to protect against DDoS attacks, block malicious bots, and terminate SSL/TLS. Which THREE services should be combined at the edge? (Select THREE)
An architect is designing a secure ingress architecture for a web application. They need to protect against DDoS attacks, block malicious bots, and terminate SSL/TLS. Which THREE services should be combined at the edge? (Select THREE)
Answer options:
A.
Amazon CloudFront.
B.
AWS WAF.
C.
AWS Shield Advanced.
D.
AWS Network Firewall.
E.
Amazon GuardDuty.
F.
AWS KMS.
How to approach this question
Identify the edge security services.
Full Answer
CloudFront, WAF, and Shield Advanced form the standard AWS edge security architecture, providing SSL termination, Layer 7 protection, and DDoS mitigation.
Common mistakes
Including Network Firewall, which is a VPC-level control, not an edge control.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3
75 questions · hints · full answers · grading
More questions from this exam
Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...HardQ02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...MediumQ03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...HardQ04A company is setting up a new multi-account AWS environment. They want to automate the creation o...MediumQ05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium