What is the MOST operationally efficient solution that meets these requirements?

By: study aws cloud

On: January 1, 2025

Tagged: Solutions Architect Associate

With: 0 Comments

A company uses Amazon API Gateway to manage its REST APIs that third-party service providers access.The company must protect the REST APIs from SQL injection and cross-site scripting attacks.

What is the MOST operationally efficient solution that meets these requirements?

Configure AWS Shield.

Configure AWS WAF.

Set up API Gateway with an Amazon CloudFront distribution. Configure AWS Shield in CloudFront.

Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront.

Explanations:

AWS Shield provides DDoS protection but does not specifically address SQL injection or cross-site scripting attacks. It is not designed for application-layer security.

AWS WAF (Web Application Firewall) is designed to protect web applications from common web exploits, including SQL injection and cross-site scripting. It allows for customizable rules and can be directly integrated with API Gateway, making it operationally efficient for protecting REST APIs.

While setting up API Gateway with CloudFront and configuring AWS Shield can provide DDoS protection, it does not directly protect against SQL injection or cross-site scripting attacks. Shield alone is insufficient for these types of vulnerabilities.

Although setting up API Gateway with CloudFront and configuring AWS WAF does provide protection against SQL injection and cross-site scripting, this option does not explicitly state that WAF is configured for API Gateway, which is the main requirement. The option is less operationally efficient since WAF is not directly attached to API Gateway in this scenario.

Previous Post: Which AWS service will meet these requirements?

Next Post: Which AWS service can help protect the company website against these attacks?

Leave a Reply Cancel reply