Which combination of solutions provides the MOST protection?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A company is designing a cloud communications platform that is driven by APIs.The application is hosted on Amazon EC2 instances behind a Network LoadBalancer (NLB).The company uses Amazon API Gateway to provide external users with access to the application through APIs.The company wants to protect the platform against web exploits like SQL injection and also wants to detect and mitigate large, sophisticated DDoS attacks.

Which combination of solutions provides the MOST protection?

(Choose two.)

Use AWS WAF to protect the NLB.

Use AWS Shield Advanced with the NLB.

Use AWS WAF to protect Amazon API Gateway.

Use Amazon GuardDuty with AWS Shield Standard.

Use AWS Shield Standard with Amazon API Gateway.

Explanations:

AWS WAF cannot be directly associated with a Network Load Balancer (NLB). AWS WAF can only protect resources like Amazon CloudFront distributions or Amazon API Gateway.

AWS Shield Advanced provides enhanced DDoS protection specifically designed for more sophisticated and larger attacks. It is effective when used with the NLB to protect against such threats.

Using AWS WAF with Amazon API Gateway is an effective way to protect against web exploits like SQL injection and cross-site scripting (XSS). AWS WAF can filter incoming requests to API Gateway based on predefined rules.

While Amazon GuardDuty can provide threat detection, it does not directly mitigate DDoS attacks. AWS Shield Standard offers automatic DDoS protection, but it is not a combination with GuardDuty that fulfills the requirement.

AWS Shield Standard offers basic DDoS protection, but it does not provide the advanced features available with Shield Advanced. Additionally, Shield Standard does not directly protect Amazon API Gateway.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 + fifteen =