Medium · 1 mark · Multiple Choice
Domain 1.2: Secure Workloads · Security · WAF · ALB · Web Security

AWS SAA-C03 · Question 03 · Domain 1.2: Secure Workloads

A company is designing a web application that will be hosted on AWS. The application will use an Application Load Balancer (ALB) and Amazon EC2 instances in an Auto Scaling group. The company wants to protect the application from SQL injection and cross-site scripting (XSS) attacks.

Which TWO actions should a solutions architect take to meet these requirements? (Select TWO.)

Answer options:

A. Create an AWS WAF web ACL with managed rule groups for SQL injection and XSS.

B. Configure Amazon GuardDuty to monitor the ALB for malicious traffic.

C. Associate the AWS WAF web ACL with the ALB.

D. Associate the AWS WAF web ACL with the EC2 instances.

E. Enable AWS Shield Advanced on the EC2 instances.

How to approach this question

Identify the service that protects against Layer 7 attacks (WAF) and where it can be attached (ALB).

Full Answer

Create an AWS WAF web ACL with managed rule groups for SQL injection and XSS.
Associate the AWS WAF web ACL with the ALB.

AWS WAF is a web application firewall that helps protect web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. It can be deployed on Application Load Balancers, Amazon CloudFront, and Amazon API Gateway.

Common mistakes

Thinking WAF can be attached directly to EC2 instances or confusing WAF with Shield.
