What should a solutions architect do to remediate the vulnerability?

By:
In: SAA-C02
Tagged:
With: 2 Comments
A web application is deployed in the AWS Cloud.It consists of a two-tier architecture that includes a web layer and a database layer.The web server is vulnerable to cross-site scripting (XSS) attacks.

What should a solutions architect do to remediate the vulnerability?

Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard.

Explanations:

A Classic Load Balancer does not support advanced features like AWS WAF, which is crucial for mitigating XSS attacks.

A Network Load Balancer is designed for handling TCP traffic and does not integrate with AWS WAF, making it unsuitable for XSS protection.

An Application Load Balancer (ALB) supports HTTP/HTTPS and can integrate with AWS WAF, which can help filter malicious requests and mitigate XSS vulnerabilities.

While an Application Load Balancer can be used, AWS Shield Standard primarily protects against DDoS attacks and does not specifically address XSS vulnerabilities.

2026-04-07

2 Comments

  1. Ronald
    Author

    I rank that the answer is:
    Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

  2. Amber
    Author

    If I had to guess, I’d say the answer is:
    Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 2 =