
Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 490 discussion

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets.
Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)

  • A. Create a usage plan with an API key that is shared with genuine users only.
  • B. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
  • C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
  • D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
  • E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
Suggested Answer: AC
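Worked example for option C, added here as an illustration; it is not part of the exam question and not AWS documentation or AWS-provided code. It reads API Gateway access-log lines, finds source IPs that exceed a per-window request threshold the way an AWS WAF rate-based rule would, and emits the two WAFv2 rule documents you would pass to `aws wafv2 create-web-acl --rules file://rules.json`: a rate-based rule (covers botnet IPs nobody has enumerated yet, which is why option B falls short) and an IPSet block rule for the offenders the logs already reveal. The log field names (`ip`, `requestTimeEpoch`), the 300-second window, the limit of 100, the sample traffic and the IPSet ARN are all assumptions or placeholders; the traffic is constructed, not captured.

```python
"""Derive AWS WAFv2 blocking rules from API Gateway access logs (added example)."""
import json
from collections import defaultdict
from ipaddress import ip_address

WINDOW_SECONDS = 300   # AWS WAF rate-based rules evaluate over a 5-minute window by default
RATE_LIMIT = 100       # requests per source IP per window before the rule starts blocking (assumption)


def _entry(ip, t, path="/orders", status=200):
    # Field names follow a custom stage access-log format (an assumption):
    # $context.identity.sourceIp -> ip, $context.requestTimeEpoch -> requestTimeEpoch
    return json.dumps({"ip": ip, "requestTimeEpoch": t, "path": path, "status": status})


def build_sample_log():
    """Constructed sample: two genuine users plus two botnet members hammering /login."""
    base = 1_700_000_000
    lines = [_entry("198.51.100.7", base + 60 * i) for i in range(5)]        # one request a minute
    lines += [_entry("203.0.113.9", base + 90 * i, "/login") for i in range(3)]
    for bot in ("192.0.2.10", "192.0.2.11"):                                   # 150 requests in 4 minutes each
        lines += [_entry(bot, base + (240 * i) // 150, "/login", 401) for i in range(150)]
    return "\n".join(lines)


def parse_log(text):
    """One JSON object per line, as CloudWatch Logs delivers custom access logs."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def peak_requests_per_ip(entries, window=WINDOW_SECONDS):
    """Largest number of requests any single IP made inside a sliding window of `window` seconds."""
    times = defaultdict(list)
    for e in entries:
        times[e["ip"]].append(e["requestTimeEpoch"])
    peak = {}
    for ip, ts in times.items():
        ts.sort()
        best = lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] >= window:     # drop requests that fell out of the window
                lo += 1
            best = max(best, hi - lo + 1)
        peak[ip] = best
    return peak


def find_offenders(entries, limit=RATE_LIMIT, window=WINDOW_SECONDS):
    """IPs that would trip a rate-based rule with the given limit; the IPs need not be known in advance."""
    return sorted(ip for ip, n in peak_requests_per_ip(entries, window).items() if n >= limit)


def _visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def rate_based_rule(name, limit=RATE_LIMIT, priority=0):
    """WAFv2 rate-based rule in the shape `aws wafv2 create-web-acl --rules` accepts."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility(name),
    }


def ip_set_addresses(ips):
    """IPSet entries must be CIDR notation: /32 for IPv4, /128 for IPv6."""
    return [f"{ip}/{32 if ip_address(ip).version == 4 else 128}" for ip in ips]


def ip_set_block_rule(name, ip_set_arn, priority=1):
    """Rule that blocks every address in an IPSet; the ARN is returned by `aws wafv2 create-ip-set`."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility(name),
    }


if __name__ == "__main__":
    entries = parse_log(build_sample_log())
    offenders = find_offenders(entries)
    print("offending IPs:", offenders)
    print("IPSet addresses:", json.dumps(ip_set_addresses(offenders)))
    rules = [
        rate_based_rule("rate-limit-per-ip"),
        # placeholder ARN; substitute the one returned by create-ip-set
        ip_set_block_rule("block-known-bots", "arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/known-bots/ID"),
    ]
    print(json.dumps(rules, indent=2))
```

For a regional REST API the web ACL is created with `--scope REGIONAL` and attached to the stage with `aws wafv2 associate-web-acl --resource-arn arn:aws:apigateway:REGION::/restapis/API_ID/stages/STAGE`. Blocking there means the fraudulent requests never reach Lambda, so they stop costing invocations as well; checking IPs inside the function (option B) still pays for every call.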

Comments

patriktre
Highly Voted 3 years, 6 months ago
A and C for me
upvoted 25 times
patriktre
3 years, 6 months ago
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
upvoted 4 times
Alfio
3 years, 6 months ago
"C" for sure. I'm not sure for A
upvoted 5 times
ja_girl_eng
3 years, 5 months ago
C & E. "Don't rely on API keys as your only means of authentication and authorization for your APIs. For one thing, if you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool." https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
upvoted 3 times
Alcpt
3 years, 4 months ago
Let's pretend you have 2,000 authorized users hitting your API. Are you going to create IAM roles for all 2,000 users? The admin overhead is going to be insane.
upvoted 5 times
amshivraj
3 years, 6 months ago
API Gateway – Security
IAM:
  • Great for users / roles already within your AWS account
  • Handles authentication + authorization
  • Leverages Sig v4
Custom Authorizer:
  • Great for 3rd-party tokens
  • Very flexible in terms of what IAM policy is returned
  • Handles authentication + authorization
  • Pay per Lambda invocation
Cognito User Pool:
  • You manage your own user pool (can be backed by Facebook, Google login etc…)
  • No need to write any custom code
  • Must implement authorization in the backend
upvoted 1 times
slcheng
Highly Voted 2 years, 8 months ago
Selected Answer: BC
https://aws.amazon.com/tw/blogs/architecture/field-notes-how-to-identify-and-block-fake-crawler-bots-using-aws-waf/
upvoted 7 times
BECAUSE
Most Recent 1 year, 10 months ago
Selected Answer: AC
A and C are the answers
upvoted 1 times
sam_aws2021
2 years, 9 months ago
What is the answer then? I see only C and E. E is an approach using IAM validation for the API. The others don't look appropriate.
upvoted 2 times
naveenagurjara
2 years, 9 months ago
Selected Answer: AC
Although it says: "Don't rely on API keys as your only means of authentication and authorization for your APIs. For one thing, if you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool." Here the preferred option is CUP, but since this is not an option, AC will fit better than IAM, which is used for AWS internal users and not global internet users.
upvoted 2 times
bighedgedog
2 years, 10 months ago
Selected Answer: AC
A - Correct. Usage plan is one key feature for controlling API access. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
B - Incorrect. Fraudulent IPs may be unknown. WAF is better for this.
C - Correct. AWS WAF applied to the API is the right tool for securing it.
D - Incorrect. Then it is not accessible from the Internet.
E - Incorrect. Difficult to manage (a role per user? thousands of users?).
upvoted 3 times
VijiTu
2 years, 10 months ago
As per the AWS docs in the link https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-protect.html, C and D seem apt.
upvoted 1 times
examhamster
2 years, 11 months ago
https://aws.amazon.com/tw/blogs/architecture/field-notes-how-to-identify-and-block-fake-crawler-bots-using-aws-waf/
Answer: B and C
upvoted 2 times
cutecolt
2 years, 11 months ago
Selected Answer: CD
Most suitable answer after eliminating assigning roles to individual users.
upvoted 2 times
ashdon
3 years, 2 months ago
C and D
upvoted 2 times
envest
3 years, 3 months ago
IMO: A,C: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html#:~:text=Don%27t%20rely%20on%20API%20keys%20as%20your%20only%20means%20of%20authentication%20and%20authorization%20for%20your%20APIs
upvoted 1 times
Thawdr
3 years, 3 months ago
A, C https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
upvoted 1 times
FF11
3 years, 3 months ago
Selected Answer: AC
A&C are correct
upvoted 1 times
69657
3 years, 4 months ago
A&C
A: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
C: https://aws.amazon.com/blogs/aws/reduce-unwanted-traffic-on-your-web-site-with-aws-bot-control/
upvoted 2 times
69657
3 years, 4 months ago
https://aws.amazon.com/blogs/aws/reduce-unwanted-traffic-on-your-web-site-with-aws-bot-control/
upvoted 1 times
jinyjiny40
3 years, 4 months ago
E isn't going to be correct as it's a service for public access… Therefore A and C for me.
upvoted 2 times
Gomer
3 years, 4 months ago
Problem with "E" is that nobody is going to create a separate role for each user. It sounds like the API key stops "traffic" from being processed past the API gateway. I'd go with A & C based on the other URL references others have provided.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other