ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 210 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 210
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has an internal web-based application that employees use. The company hosts the application over a VPN in the company’s on-premises network. The application runs on a fleet of Amazon EC2 instances in a private subnet behind a Network Load Balancer (NLB) in the same subnet. The instances are in an Amazon EC2 Auto Scaling group.

During a recent security incident, SQL injection occurred on the application. A network engineer must implement a solution to prevent SQL injection attacks in the future.

Which combination of steps will meet these requirements? (Choose three.)

  • A. Create an AWS WAF web ACL that includes rules to block SQL injection attacks.
  • B. Create an Amazon CloudFront distribution. Specify the EC2 instances as the origin.
  • C. Replace the NLB with an Application Load Balancer.
  • D. Associate the AWS WAF web ACL with the NLB.
  • E. Associate the AWS WAF web ACL with the Application Load Balancer.
  • F. Associate the AWS WAF web ACL with the Amazon CloudFront distribution.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
by Cacheirez at Aug. 13, 2024, 8:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
woorkim
4 months, 1 week ago
Selected Answer: ACE
While CloudFront can be used as a content delivery network (CDN), it is not necessary in this case. CloudFront is typically used to distribute content to end users with low latency, but it is not required to protect against SQL injection attacks if AWS WAF is applied directly to the ALB.
upvoted 1 times
...
AlohaEva
7 months, 3 weeks ago
Selected Answer: ACE
NLB is a Layer 3/4 component WAF is a Layer 7 protection component WAF is not capable of acting on the content of not terminated TLS session (encrypted data) WAF is only available for ALB. So, consider changing NLB to ALB and use WAF with ALB
upvoted 3 times
...
cas_tori
8 months ago
Selected Answer: ACE
this is ACE
upvoted 1 times
...
aragon_saa
8 months, 2 weeks ago
Answer is ACE
upvoted 1 times
...
Cacheirez
8 months, 2 weeks ago
Selected Answer: ACE
AWS WAF (Web Application Firewall) can help protect your application from common web exploits, including SQL injection. By creating a web ACL (Access Control List) with rules specifically designed to detect and block SQL injection attempts, you can add a layer of protection to your application. AWS WAF can only be associated with an Application Load Balancer (ALB), not a Network Load Balancer (NLB). Replacing the NLB with an ALB is necessary to enable WAF protection for your web application. Once the ALB is in place, you can associate the AWS WAF web ACL with the ALB. This ensures that incoming traffic is inspected by the WAF rules, providing protection against SQL injection attacks.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago