ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 472 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 472
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection. Applications running on AWS have the following endpoints:
✑ Application Load Balancer
✑ Amazon API Gateway regional endpoint
✑ Elastic IP address-based EC2 instances.
✑ Amazon S3 hosted websites.
✑ Classic Load Balancer
The Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:
✑ DDoS protection
✑ SQL injection protection
✑ IP address whitelist/blacklist
✑ HTTP flood protection
✑ Bad bot scraper protection
How should the Solutions Architect design the solution?

  • A. Deploy AWS WAF and AWS Shield Advanced on all web endpoints. Add AWS WAF rules to enforce the company's requirements.
  • B. Deploy Amazon CloudFront in front of all the endpoints. The CloudFront distribution provides perimeter protection. Add AWS Lambda-based automation to provide additional security.
  • C. Deploy Amazon CloudFront in front of all the endpoints. Deploy AWS WAF and AWS Shield Advanced. Add AWS WAF rules to enforce the company's requirements. Use AWS Lambda to automate and enhance the security posture.
  • D. Secure the endpoints by using network ACLs and security groups and adding rules to enforce the company's requirements. Use AWS Lambda to automatically update the rules.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Lee at Sept. 18, 2019, 12:15 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
donathon
Highly Voted 3 years, 7 months ago
C All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
upvoted 26 times
...
Lee
Highly Voted 3 years, 7 months ago
C is the correct answer. CloudFront also can solve a partial DDoS attack.
upvoted 13 times
dpvnme
3 years, 7 months ago
yep, cloudfront helps
upvoted 4 times
...
...
SkyZeroZx
Most Recent 1 year, 10 months ago
Selected Answer: C
DDoS protection == AWS Shield SQL injection protection == AWS WAF IP address whitelist/blacklist == AWS WAF HTTP flood protection == AWS Shield
upvoted 1 times
...
hilft
2 years, 9 months ago
A vs. C C
upvoted 1 times
...
tartarus23
2 years, 12 months ago
Selected Answer: C
C. Services such as Cloudfront, WAF and Shield Advanced address the security and anti-DDoS protection required for the architecture specifications of the given company.
upvoted 1 times
...
lucesarano
3 years, 3 months ago
It is true that a CLB is not supported with WAF but it does indeed support a CloudFront distribution. Hence C is the correct answer.
upvoted 2 times
...
AzureDP900
3 years, 4 months ago
C is right and this is simple question
upvoted 2 times
...
WhyIronMan
3 years, 5 months ago
I'll go with C
upvoted 2 times
...
Waiweng
3 years, 5 months ago
It's C
upvoted 2 times
...
Kian1
3 years, 5 months ago
going with C
upvoted 2 times
...
Ebi
3 years, 5 months ago
Answer is C
upvoted 4 times
...
sanjaym
3 years, 5 months ago
I'll go with C.
upvoted 2 times
...
T14102020
3 years, 6 months ago
Correct answer is C. All of features
upvoted 1 times
...
jackdryan
3 years, 6 months ago
I'll go with C
upvoted 3 times
...
Bulti
3 years, 6 months ago
C is correct. Although A seems right, not protecting the S3 hosted website using CloudFront and AWS WAF with it is not a good security posture for that web endpoint. So C is the correct answer.
upvoted 4 times
...
lostri
3 years, 6 months ago
Answer is C because CLB does not support WAF
upvoted 1 times
...
pddddd
3 years, 6 months ago
What exactly are you going to use the Lambda for in answer C? Answer seems OK, but Lambda does not fit...
upvoted 4 times
iamgk
3 years, 6 months ago
AWS Lambda can check the third-party IP reputation lists hourly for new ranges to block.
upvoted 3 times
...
wassb
2 years, 6 months ago
There are several benefits to using Lambda (Lambda@Edge) for authorization operations like filtering out unauthorized requests before they reach your origin infrastructure.
upvoted 2 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago