ExpertMedium1 markMultiple Choice
AWS SAP-C02 · Question 34 · Domain 2.3: Security Controls
A web application is deployed across multiple AWS Regions. The security team wants to protect the application from SQL injection and cross-site scripting (XSS) attacks globally using a single set of rules. Which architecture is MOST appropriate?
A web application is deployed across multiple AWS Regions. The security team wants to protect the application from SQL injection and cross-site scripting (XSS) attacks globally using a single set of rules. Which architecture is MOST appropriate?
Answer options:
A.
Deploy AWS WAF on Regional Application Load Balancers.
B.
Deploy AWS WAF on Amazon CloudFront.
C.
Use AWS Network Firewall in each region.
D.
Use Amazon GuardDuty to block malicious IPs.
How to approach this question
Identify the global deployment option for Layer 7 protection.
Full Answer
B.Deploy AWS WAF on Amazon CloudFront.✓ Correct
Deploy AWS WAF on Amazon CloudFront.
Deploying AWS WAF on Amazon CloudFront allows you to manage a single global web ACL that protects all regional endpoints.
Common mistakes
Deploying WAF on regional ALBs, which increases management overhead.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3
75 questions · hints · full answers · grading
More questions from this exam
Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...HardQ02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...MediumQ03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...HardQ04A company is setting up a new multi-account AWS environment. They want to automate the creation o...MediumQ05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium