AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?
Other
Community
UAnonymous
A
Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.
B
Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
C
Set up AWS Shield in both Regions. Associate Regional web ACLs with an API stage.
D
Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.
Explanation:
Explanation
Correct Answer: B
Why Option B is correct:
- AWS Firewall Manager is specifically designed for managing AWS WAF rules across multiple AWS accounts and resources from a central location.
- The requirement mentions protecting APIs "across multiple accounts" - Firewall Manager is the service designed for centralized security management across multiple AWS accounts.
- Firewall Manager allows you to centrally configure and manage AWS WAF rules, which can protect against SQL injection and cross-site scripting attacks.
- This approach requires the LEAST amount of administrative effort because you configure the WAF rules once centrally, and they apply to all accounts and regions.
Why other options are incorrect:
Option A: While AWS WAF can protect against SQL injection and XSS attacks, setting it up separately in both regions for multiple accounts would require manual configuration in each account and region, resulting in more administrative effort.
Option C & D: AWS Shield is a DDoS protection service, not designed to protect against SQL injection or cross-site scripting attacks. Shield protects against volumetric and application layer DDoS attacks, not injection attacks.
Key AWS Services:
- AWS WAF: Web Application Firewall that protects against common web exploits like SQL injection and XSS
- AWS Firewall Manager: Centralized security management service for configuring and managing AWS WAF rules across multiple accounts and resources
- AWS Shield: DDoS protection service (not relevant for SQL injection/XSS protection)
Best Practice: For managing security policies across multiple AWS accounts, use AWS Firewall Manager to centrally manage AWS WAF rules, which provides the least administrative overhead while maintaining consistent security posture.
Comments
Loading comments...