AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.

What should a solutions architect recommend to meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Configure AWS WAF rules and associate them with the ALB.

Deploy the application using Amazon S3 with public hosting enabled.

Deploy AWS Shield Advanced and add the ALB as a protected resource.

Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

Explanation:

Explanation

Correct Answer: A - Configure AWS WAF rules and associate them with the ALB.

Why this is correct:

AWS WAF (Web Application Firewall) is specifically designed to protect web applications from common web exploits like cross-site scripting (XSS) and SQL injection attacks.
Serverless and managed service: AWS WAF is a managed service that requires no infrastructure management, which aligns with the requirement to reduce operational overhead and server management responsibilities.
Direct integration with ALB: AWS WAF can be directly associated with Application Load Balancers, providing protection at the application layer.
Cost-effective: AWS WAF is more cost-effective than running third-party firewall software on EC2 instances.

Why other options are incorrect:

B. Deploy the application using Amazon S3 with public hosting enabled.

This doesn't address the requirement for traffic filtering or protection against application-level attacks.
S3 static website hosting is for static content only, not for dynamic mobile applications that require backend processing.

C. Deploy AWS Shield Advanced and add the ALB as a protected resource.

AWS Shield Advanced protects against DDoS attacks, not application-level attacks like XSS or SQL injection.
While it provides DDoS protection, it doesn't filter for specific application vulnerabilities.

D. Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

This adds operational complexity and infrastructure management, which contradicts the requirement for minimal infrastructure and operational staff.
Requires managing, updating, and securing EC2 instances, increasing the company's operational responsibility.
More expensive and complex than using AWS WAF.

Key AWS Concepts:

AWS WAF: Managed web application firewall that protects web applications from common web exploits.
Shared Responsibility Model: AWS manages the infrastructure, while customers manage their applications and data.
Application Load Balancer (ALB): Operates at layer 7 (application layer) and can be integrated with AWS WAF for enhanced security.

Best Practice: For protecting web applications against common attacks with minimal operational overhead, AWS WAF is the recommended AWS service.

Powered ByGPT-5.2

Comments

Loading comments...