Which combination of solutions provides the MOST protection?

By: study aws cloud

On: January 9, 2025

Tagged: Solutions Architect Associate

With: 0 Comments

A company is designing a cloud communications platform that is driven by APIs.The application is hosted on Amazon EC2 instances behind a Network Load Balancer (NLB).The company uses Amazon API Gateway to provide external users with access to the application through APIs.The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.

Which combination of solutions provides the MOST protection?

(Choose two.)

Use AWS WAF to protect the NLB.

Use AWS Shield Advanced with the NLB.

Use AWS WAF to protect Amazon API Gateway.

Use Amazon GuardDuty with AWS Shield Standard

Use AWS Shield Standard with Amazon API Gateway.

Explanations:

AWS WAF cannot be directly used with a Network Load Balancer; it is designed to protect web applications, typically integrated with Amazon CloudFront or Application Load Balancers.

AWS Shield Advanced provides enhanced DDoS protection, making it a strong choice for protecting the NLB against sophisticated attacks.

AWS WAF can be effectively used to protect Amazon API Gateway, providing application-layer protection against exploits like SQL injection.

While GuardDuty is a threat detection service, it does not provide direct DDoS protection like AWS Shield does; thus, it is not the best option for the requirements specified.

AWS Shield Standard provides basic DDoS protection, but it is not sufficient alone for the level of protection desired against sophisticated attacks, especially when couple

Previous Post: Which solution will give the application the ability to access the new service?

Next Post: Which of the following approaches would meet this requirement?

Leave a Reply Cancel reply