
A company utilizes a load balancer to distribute traffic to Amazon EC2 instances within a single Availability Zone. They are concerned about security and require a solutions architect to redesign the system to fulfill the following criteria:

• Inbound requests should be screened for common security vulnerabilities.
• Rejected requests must be forwarded to a third-party auditing application.
• All components must be highly available.

Which architecture meets these requirements?
A
Set up a Multi-AZ Auto Scaling group using the application's AMI. Deploy an Application Load Balancer (ALB) and designate the previously created Auto Scaling group as the target. Utilize Amazon Inspector to monitor traffic to the ALB and EC2 instances. Establish a web ACL in WAF. Configure an AWS WAF using the web ACL and ALB. Implement an AWS Lambda function to regularly send the Amazon Inspector report to the third-party auditing application.
B
Deploy an Application Load Balancer (ALB) and include the EC2 instances as targets. Establish a web ACL in WAF. Set up an AWS WAF using the web ACL and ALB name, and enable logging with Amazon CloudWatch Logs. Utilize an AWS Lambda function to regularly send the logs to the third-party auditing application.
C
Set up an Application Load Balancer (ALB) with a target group that includes the EC2 instances as targets. Create an Amazon Kinesis Data Firehose with the destination set to the third-party auditing application. Establish a web ACL in WAF. Configure an AWS WAF using the web ACL and ALB, and enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, selecting the WAF as the subscriber.
D
Configure a Multi-AZ Auto Scaling group using the application's AMI. Deploy an Application Load Balancer (ALB) and designate the previously created Auto Scaling group as the target. Create an Amazon Kinesis Data Firehose with the destination set to the third-party auditing application. Establish a web ACL in WAF. Set up an AWS WAF using the WebACL and ALB, and enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber.