What cost-effective configuration change should the Administrator make to mitigate the risk of SQL injection attacks?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A SysOps Administrator is deploying a legacy web application on AWS.The application has four Amazon EC2 instances behind a Classic Load Balancer and stores data in an Amazon RDS instance.The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.

What cost-effective configuration change should the Administrator make to mitigate the risk of SQL injection attacks?

Configure Amazon GuardDuty to monitor the application for SQL injection threats.

Configure AWS WAF with a Classic Load Balancer for protection against SQL injection attacks.

Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.

Configure an Amazon CloudFront distribution with the Classic Load Balancer as the origin and subscribe to AWS Shield Standard.

Explanations:

Amazon GuardDuty is a threat detection service that identifies malicious activity, but it does not actively protect against SQL injection attacks on the application.

AWS WAF with a Classic Load Balancer cannot be used because AWS WAF is only supported with Application Load Balancers, API Gateway, and CloudFront distributions.

Replacing the Classic Load Balancer with an Application Load Balancer and configuring AWS WAF offers a cost-effective way to protect the application from SQL injection.

AWS Shield Standard provides DDoS protection but does not specifically protect against SQL injection attacks.

2025-10-06

1 Comment

  1. Alice
    Author

    I outline that the answer is:
    Replace the Classic Load Balancer with an Application Load Balancer and configure AWS WAF on the Application Load Balancer.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × two =