ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 608 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 608
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has an application that serves clients that are deployed in more than 20.000 retail storefront locations around the world. The application consists of backend web services that are exposed over HTTPS on port 443. The application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The retail locations communicate with the web application over the public internet. The company allows each retail location to register the IP address that the retail location has been allocated by its local ISP.

The company's security team recommends to increase the security of the application endpoint by restricting access to only the IP addresses registered by the retail locations.

What should a solutions architect do to meet these requirements?

  • A. Associate an AWS WAF web ACL with the ALB. Use IP rule sets on the ALB to filter traffic. Update the IP addresses in the rule to include the registered IP addresses.
  • B. Deploy AWS Firewall Manager to manage the ALConfigure firewall rules to restrict traffic to the ALModify the firewall rules to include the registered IP addresses.
  • C. Store the IP addresses in an Amazon DynamoDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.
  • D. Configure the network ACL on the subnet that contains the public interface of the ALB. Update the ingress rules on the network ACL with entries for each of the registered IP addresses.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by taustin2 at Sept. 22, 2023, 11:12 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pentium75
Highly Voted 9 months, 3 weeks ago
Selected Answer: A
WAF, you can have 100 "rule sets" per account, each with up to 10,000 IP addresses. https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
upvoted 8 times
...
Karls
Most Recent 6 months, 2 weeks ago
Selected Answer: C AWS Lambda and DynamoDB to dynamically manage and validate incoming requests based on registered IP addresses. https://docs.aws.amazon.com/lambda/latest/dg/services-alb.html
upvoted 1 times
...
ferdzcruz
9 months, 1 week ago
web services and HTTPS = WAF
upvoted 4 times
...
awsgeek75
9 months, 2 weeks ago
Selected Answer: A
B: Looks like an incomplete solution for something different C: Not workable as Lambda for IP filtering means you have already allowed the request to pass through D NACL with entries for each registered IP is not possible.
upvoted 3 times
...
TariqKipkemei
11 months ago
Selected Answer: A
endpoint restriction by IP addresses = AWS WAF
upvoted 4 times
...
Passexam4sure_com
1 year ago
Selected Answer: A
Associate an AWS WAF web ACL with the ALB. Use IP rule sets on the ALB to filter traffic. Update the IP addresses in the rule to include the registered IP addresses.
upvoted 4 times
...
Sugarbear_01
1 year, 1 month ago
Selected Answer: A
AWS WAF cannot be directly associated with a Web Application. But, can only be associated with Application Load Balancer, CloudFront and API Gateway.
upvoted 4 times
...
taustin2
1 year, 1 month ago
Selected Answer: C
Changing answer to C because of "20000" IP addresses. Use Lambda with ALB.
upvoted 3 times
pentium75
9 months, 3 weeks ago
WAF allows 100 rule sets, each with up to 10,000 IP addresses, per account.
upvoted 2 times
...
potomac
11 months, 3 weeks ago
10,000 IP addresses For the latest version of AWS WAF, see AWS WAF. If you want to allow or block web requests based on the IP addresses that the requests originate from, create one or more IP match conditions. An IP match condition lists up to 10,000 IP addresses or IP address ranges that your requests originate from.
upvoted 2 times
...
bsbs1234
1 year ago
I will choose this answer if it is API Gateway. But I cannot figure out how to do lambda authentication on ALB. I will go A
upvoted 2 times
taustin2
1 year ago
You are right. I don't know of a way to use Lambda with ALB in this way. Answer is A.
upvoted 2 times
potomac
11 months, 3 weeks ago
ALB invokes Lambda function, sending the incoming data in JSON format. Lambda function performs task, returns HTTP response to ALB.
upvoted 1 times
potomac
11 months, 3 weeks ago
WAF seems still better
upvoted 3 times
...
...
...
...
...
Guru4Cloud
1 year, 1 month ago
Selected Answer: A
A. Associate an AWS WAF web ACL with the ALB. Use IP rule sets on the ALB to filter traffic. Update the IP addresses in the rule to include the registered IP addresses.
upvoted 3 times
...
taustin2
1 year, 1 month ago
Selected Answer: A
WAF meets the requirements.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago