
Answer-first summary for fast verification
Answer: Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
## Explanation

**Correct Answer: B**

**Why Option B is correct:**

1. **AWS Firewall Manager** is specifically designed for managing AWS WAF rules across multiple AWS accounts and resources from a central location.
2. The requirement mentions protecting APIs "across multiple accounts" - Firewall Manager is the service designed for centralized security management across multiple AWS accounts.
3. Firewall Manager allows you to centrally configure and manage AWS WAF rules, which can protect against SQL injection and cross-site scripting attacks.
4. This approach requires the **LEAST amount of administrative effort** because you configure the WAF rules once centrally, and they apply to all accounts and regions.

**Why other options are incorrect:**

**Option A:** While AWS WAF can protect against SQL injection and XSS attacks, setting it up separately in both regions for multiple accounts would require manual configuration in each account and region, resulting in more administrative effort.

**Option C & D:** AWS Shield is a DDoS protection service, not designed to protect against SQL injection or cross-site scripting attacks. Shield protects against volumetric and application layer DDoS attacks, not injection attacks.

**Key AWS Services:**

- **AWS WAF:** Web Application Firewall that protects against common web exploits like SQL injection and XSS
- **AWS Firewall Manager:** Centralized security management service for configuring and managing AWS WAF rules across multiple accounts and resources
- **AWS Shield:** DDoS protection service (not relevant for SQL injection/XSS protection)

**Best Practice:** For managing security policies across multiple AWS accounts, use AWS Firewall Manager to centrally manage AWS WAF rules, which provides the least administrative overhead while maintaining consistent security posture.
Author: LeetQuiz Editorial Team
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?
A. Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.

B. Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.

C. Set up AWS Shield in both Regions. Associate Regional web ACLs with an API stage.

D. Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.