AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company is enhancing its online ordering application, which has recently seen an increase in attacks from malicious actors. The updated application will be hosted on an Amazon Elastic Container Service (Amazon ECS) cluster, with Amazon DynamoDB used for data storage. A public Application Load Balancer (ALB) will grant end users access to the application. To prevent attacks and ensure business continuity with minimal service interruptions during ongoing attacks, which two steps will be the most cost-effective solutions?
Explanation:
To meet the requirements of preventing attacks and ensuring business continuity with minimal service interruptions in a cost-effective manner, the correct options are A and E. Option A suggests creating an Amazon CloudFront distribution with the ALB as the origin, which adds a layer of protection and can help distribute traffic efficiently. This setup includes adding a custom header and random value to the CloudFront domain and configuring the ALB to conditionally forward traffic if the header and value match, helping to mitigate certain types of attacks. Option E involves deploying an AWS WAF web ACL with appropriate rule groups and associating it with the Amazon CloudFront distribution. AWS WAF provides robust security features that can filter and monitor HTTP requests to prevent common web exploits, thereby enhancing security. Together, these options help provide both enhanced security and improved performance, contributing to cost-effective business continuity strategies.