exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 623 discussion

A company uses Amazon API Gateway to manage its REST APIs that third-party service providers access. The company must protect the REST APIs from SQL injection and cross-site scripting attacks.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Configure AWS Shield.
  • B. Configure AWS WAF.
  • C. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS Shield in CloudFront.
  • D. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
taustin2
Highly Voted 1 year ago
Selected Answer: B
SQL Injection and Cross-Site Scripting = WAF so Either B or D. Both B and D are valid options but the question doesn't indicate a real need for CloudFront, so just use WAF with the API Gateway. Answer is B.
upvoted 14 times
...
awslearnerin2022
Highly Voted 1 year ago
Selected Answer: B
WAF helps with layer 7 attacks like SQL injection and XSS. Shield is helpful for DDOS attacks.
upvoted 8 times
...
marcosviniciuscb
Most Recent 3 days, 3 hours ago
Selected Answer: D
CloudFront no se elige por su caché ✅ No se elige por mejorar la latencia 🔐 Se elige porque es el único sitio donde puedes aplicar AWS WAF si usas REST API (v1) Entonces: Aunque CloudFront tenga caché y latencia optimizada, eso no es lo relevante aquí. Lo importante es que es el único recurso donde puedes colgar el WAF para proteger tu REST API.
upvoted 1 times
...
marcosviniciuscb
6 days, 4 hours ago
Option B is technically sound and more straightforward if you only want to protect a specific API. Option D is more scalable and operationally efficient, especially if you're building a modern architecture with multiple services and want protection from the edge. The question uses the keyword "MOST operationally efficient," so option D is the best.
upvoted 1 times
...
Salilgen
3 months ago
Selected Answer: B
https://aws.amazon.com/blogs/compute/amazon-api-gateway-adds-support-for-aws-waf/
upvoted 1 times
...
awsgeek75
8 months, 3 weeks ago
Selected Answer: B
WAF is good enough for SQL Injection and Cross Site scripting so A is good A: AWS Shield (basic) is not for SQL injection C: Same as A D: Good solution and will work but it provides extra DDoS protection and caching which is not needed (as we don't know much about the API also)
upvoted 3 times
...
pentium75
9 months ago
Selected Answer: B
Question asks for protection against SQL injection and XSS, both is provided by WAF (option B). D would work too, but it would add another layer (CloudFront) with benefits that nobody asked for (and that would cost money), thus it would IMO be less 'operationally efficient'.
upvoted 3 times
...
Naijaboy99
9 months ago
Selected Answer: D
D. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront. Option A (Configure AWS Shield) is a DDoS protection service but doesn't specifically address SQL injection and cross-site scripting attacks. Option B (Configure AWS WAF) alone is a valid option, but integrating it with CloudFront (Option D) provides additional benefits like improved performance through caching. Option C (Set up API Gateway with CloudFront and configure AWS Shield in CloudFront) might provide DDoS protection, but for SQL injection and cross-site scripting, AWS WAF is the more appropriate service.
upvoted 5 times
LeonSauveterre
3 months, 2 weeks ago
In questions like this that mentioned "operationally efficient" or "operationally effective", aim for the indicated jobs only. We don't need additional benefits, so CloudFront is not a necessity here.
upvoted 1 times
...
...
TariqKipkemei
10 months ago
Selected Answer: B
SQL injection and cross-site scripting attacks = AWS WAF
upvoted 4 times
...
potomac
10 months, 4 weeks ago
Selected Answer: B
B or D But no need for CloudFront
upvoted 2 times
...
Sugarbear_01
11 months ago
Selected Answer: B
AWS WAF protect agains : Presence of SQL code that is likely to be malicious (known as SQL injection). Presence of a script that is likely to be malicious (known as cross-site scripting). AWS Shield provides protection against distributed denial of service (DDoS) attacks for AWS resources, at the network and transport layers (layer 3 and 4) and the application layer (layer 7). https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
upvoted 2 times
...
thanhnv142
11 months, 1 week ago
Finally, I am here at the end. Thank you guys for your support!
upvoted 5 times
...
Guru4Cloud
1 year ago
Selected Answer: B
B. Configure AWS WAF.
upvoted 5 times
...
aleariva
1 year ago
B is the correct. https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-xss-conditions.html
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago