What should a solutions architect do to meet these requirements?

By:
In: SAP-C01
Tagged:
With: 2 Comments
A company hosts its primary API on AWS by using an Amazon API Gateway API and AWS Lambda functions that contain the logic for the API methods.The company’s internal applications use the API for core functionality and business logic.The company’s customers use the API to access data from their accounts.Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance.The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.

What should a solutions architect do to meet these requirements?

Use AWS WAF to protect both APIs. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze both APIs. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to protect the legacy API. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Explanations:

AWS WAF can protect the API Gateway, but Amazon Inspector does not provide real-time protection or analysis for APIs; it only assesses vulnerabilities for applications. GuardDuty is a threat detection service that monitors for malicious activity, but does not directly prevent access to APIs.

While AWS WAF can effectively protect the API Gateway API, Amazon Inspector is not suitable for real-time analysis of both APIs as it primarily focuses on vulnerability assessments. GuardDuty monitors for threats but does not block access directly.

AWS WAF provides protection for the API Gateway API against common exploits and DoS attacks. Amazon Inspector can be used to analyze the legacy API for vulnerabilities. GuardDuty can monitor for malicious attempts to access both APIs, allowing for timely response and enhanced security without blocking access.

AWS WAF protects the API Gateway, but using Amazon Inspector to “protect” the legacy API is incorrect, as it is meant for vulnerability assessment, not active protection. GuardDuty does not block access but rather monitors for malicious activities, so this option incorrectly states its functionality.

2026-03-18

2 Comments

  1. Kimberly
    Author

    From my point of view, the answer is:
    Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

  2. Edward
    Author

    I estimate that the answer is:
    Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × 1 =