Which solution will meet these requirements with the LEAST amount of administrative effort?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region.A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.

Which solution will meet these requirements with the LEAST amount of administrative effort?

Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.

Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.

Set up AWS Shield in bath Regions. Associate Regional web ACLs with an API stage.

Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.

Explanations:

While AWS WAF can be set up in both regions and associated with API stages to protect against SQL injection and XSS, it requires separate configuration in each region, which increases administrative effort.

AWS Firewall Manager allows for centralized management of AWS WAF rules across multiple accounts and regions, minimizing administrative overhead while providing effective protection against SQL injection and XSS.

AWS Shield primarily provides DDoS protection and does not directly protect against SQL injection and XSS. Additionally, it does not provide the centralized management capabilities that AWS WAF offers for this scenario.

Similar to option C, AWS Shield does not provide protection against SQL injection and XSS. Associating web ACLs is relevant for WAF, not Shield. Therefore, it does not meet the requirement of minimizing administrative effort for the specified attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − twenty =