What cost-effective configuration change should the Administrator make to mitigate the risk of SQL injection attacks?
Configure Amazon GuardDuty to monitor the application for SQL injection threats.
Configure AWS WAF with a Classic Load Balancer for protection against SQL injection attacks.
Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.
Configure an Amazon CloudFront distribution with the Classic Load Balancer as the origin and subscribe to AWS Shield Standard.
Explanations:
Amazon GuardDuty is a threat detection service that identifies malicious activity, but it does not actively protect against SQL injection attacks on the application.
AWS WAF with a Classic Load Balancer cannot be used because AWS WAF is only supported with Application Load Balancers, API Gateway, and CloudFront distributions.
Replacing the Classic Load Balancer with an Application Load Balancer and configuring AWS WAF offers a cost-effective way to protect the application from SQL injection.
AWS Shield Standard provides DDoS protection but does not specifically protect against SQL injection attacks.
I outline that the answer is:
Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.
I deduce that the answer is:
Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.