What should a solutions architect do to meet these requirements?

By:
On:
In: SAP-C02
Tagged:
With: 0 Comments
A company hosts its primary API on AWS by using an Amazon API Gateway API and AWS Lambda functions that contain the logic for the API methods.The company’s internal applications use the API for core functionality and business logic.The company’s customers use the API to access data from their accounts.Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance.The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.

What should a solutions architect do to meet these requirements?

Use AWS WAF to protect both APIs. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze both APIs. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway AP! Configure Amazon Inspector to protect the legacy API. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Explanations:

While AWS WAF can protect both APIs and Amazon GuardDuty can monitor for malicious attempts, Amazon Inspector is not applicable for analyzing the legacy API running on a standalone EC2 instance. Instead, it is primarily used for assessing vulnerabilities in Amazon EC2 instances and container images. Thus, this option does not fully meet the security needs for both APIs.

This option correctly uses AWS WAF for the API Gateway API and mentions Amazon Inspector for analyzing both APIs. However, it incorrectly states that GuardDuty can block malicious attempts. GuardDuty is a monitoring service and can provide alerts but does not have the capability to block access; that is the function of WAF.

This option appropriately applies AWS WAF to the API Gateway API for protection and configures Amazon Inspector to analyze the legacy API, ensuring that both APIs are considered. Additionally, GuardDuty is used to monitor for malicious attempts to access both APIs, fulfilling the security requirements comprehensively.

Similar to other options, while AWS WAF is correctly applied to the API Gateway API, Amazon Inspector’s role is misrepresented. Inspector is not designed to protect but to assess vulnerabilities. GuardDuty is also incorrectly mentioned as having blocking capabilities, which it does not possess. Thus, it fails to meet the security requirements accurately.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × two =