Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 488 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 488
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company hosts its primary API on AWS by using an Amazon API Gateway API and AWS Lambda functions that contain the logic for the API methods. The company’s internal applications use the API for core functionality and business logic. The company’s customers use the API to access data from their accounts. Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance.

The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.

What should a solutions architect do to meet these requirements?

  • A. Use AWS WAF to protect both APIs. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.
  • B. Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze both APIs. Configure Amazon GuardDuty to block malicious attempts to access the APIs.
  • C. Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.
  • D. Use AWS WAF to protect the API Gateway AP! Configure Amazon Inspector to protect the legacy API. Configure Amazon GuardDuty to block malicious attempts to access the APIs.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by zapper1234 at June 25, 2024, 7:50 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
ebbff63
Highly Voted 5 months ago
Selected Answer: C
GuardDuty only monitors but doesn't block malicious attempts. So answer is C
upvoted 10 times
...
Helpnosense
Highly Voted 4 months, 4 weeks ago
Selected Answer: C
Not A because the question only say "Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance." There is no ALB or cloudfront mentioned so WAF can't be attached to EC2 directly.
upvoted 5 times
...
0b43291
Most Recent 1 week, 2 days ago
Selected Answer: C
The correct answer is Option C: Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs. Option C is the right choice because it directly addresses the requirement of increasing security for the API Gateway API by using AWS WAF to protect it from DoS attacks, vulnerabilities, and exploits. It also correctly suggests using Amazon Inspector to assess the security posture of the EC2 instance hosting the legacy API, and configures Amazon GuardDuty to monitor for malicious attempts across both APIs. In contrast, Option A does not explicitly mention protecting the API Gateway API and incorrectly suggests using Inspector to analyze the legacy API application itself.
upvoted 1 times
...
Danm86
1 month ago
Option C seems to be correct. In Option B, its mentioned AWS inspector to analyze both the gateway API and EC2 API. AWS inspector cannot directly monitor gateway API, it requires additional WAF configuration for it.
upvoted 1 times
...
gfhbox0083
4 months, 3 weeks ago
C, for sure. AWS GuardDuty is a monitoring and threat detection service and does not directly block malicious activities. GuardDuty is designed to continuously monitor and analyze your AWS accounts and workloads for potential threats using machine learning, anomaly detection, and integrated threat intelligence.
upvoted 1 times
...
mifune
5 months ago
Selected Answer: A
"The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.", so I understand that we have to protect BOTH, and GuardDuty does not block anything... The answer for me is A
upvoted 2 times
toma
4 months, 4 weeks ago
how are you going to attache WAF to ec2? :)
upvoted 3 times
...
...
zapper1234
5 months ago
B becuase this protects both API's
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel