Which solution meets these requirements?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone.The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:✑ Inbound requests must be filtered for common vulnerability attacks.✑ Rejected requests must be sent to a third-party auditing application.✑ All resources should be highly available.

Which solution meets these requirements?

Configure a Multi-AZ Auto Scaling group using the application’s AMI. Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Use Amazon Inspector to monitor traffic to the ALB and EC2 instances. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB. Use an AWS Lambda function to frequently push the Amazon Inspector report to the third-party auditing application

Configure an Application Load Balancer (ALB) and add the EC2 instances as targets. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB name and enable logging with Amazon CloudWatch Logs. Use an AWS Lambda function to frequently push the logs to the third-party auditing application.

Configure an Application Load Balancer (ALB) along with a target group adding the EC2 instances as targets. Create an Amazon Kinesis Data Firehose with the destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.

Configure a Multi-AZ Auto Scaling group using the application’s AMI Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Create an Amazon Kinesis Data Firehose with a destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.

Explanations:

Amazon Inspector is a vulnerability assessment tool, not designed for filtering inbound requests for common attacks or integrating directly with WAF. This option does not fully meet the requirements of filtering and forwarding logs.

This option lacks high availability as it does not mention a Multi-AZ setup or Auto Scaling. Additionally, using CloudWatch Logs alone may not support sending rejected requests directly to the third-party auditing application.

This configuration does not provide high availability since it does not mention a Multi-AZ Auto Scaling group. While it does configure Kinesis for auditing, it does not ensure redundancy or scalability for resource availability.

This option meets all requirements by using a Multi-AZ Auto Scaling group for high availability, WAF to filter requests, and Kinesis Data Firehose to forward rejected requests to the third-party auditing application.

2025-10-20

1 Comment

  1. Angela
    Author

    In my experience, the answer is:
    Configure a Multi-AZ Auto Scaling group using the application’s AMI Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Create an Amazon Kinesis Data Firehose with a destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the web ACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.

Leave a Reply

Your email address will not be published. Required fields are marked *

seven + ten =