What should the SysOps administrator do to prevent similar attacks?
Create an Amazon CloudFront distribution with the ALB as the origin. Enable AWS Shield Advanced to protect from SQL injection attacks at edge locations.
Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB.
Enable Amazon GuardDuty. Use Amazon EventBridge (Amazon CloudWatch Events) to trigger an AWS Lambda function every time GuardDuty detects SQL injection.
Install Amazon Inspector on the EC2 instances, and configure a rules package. Use the findings reports to identify and block SQL injection attacks.
Explanations:
AWS Shield Advanced protects against DDoS attacks but does not specifically target SQL injection. CloudFront would help with distribution but does not provide protection against SQL injection attacks directly.
AWS WAF is specifically designed to protect against web application attacks such as SQL injection. By configuring a SQL injection rule and associating the web ACL with the ALB, the SysOps administrator can prevent these attacks.
GuardDuty detects threats such as unauthorized access and suspicious behavior but does not specifically detect or block SQL injection attacks. Additionally, GuardDuty cannot prevent attacks on its own.
Amazon Inspector is used to assess vulnerabilities on EC2 instances, but it does not actively block SQL injection attacks. It focuses on security assessments, not real-time protection from web attacks.
I rate that the answer is:
Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB.
I suspect that the answer is:
Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB.