
Exam AWS Certified Solutions Architect - Professional topic 1 question 912 discussion

A company hosts its primary API on AWS by using an Amazon API Gateway API and AWS Lambda functions that contain the logic for the API methods. The company's internal applications use the API for core functionality and business logic. The company's customers use the API to access data from their accounts.
Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance.
The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.
What should a solutions architect do to meet these requirements?

  • A. Use AWS WAF to protect both APIs. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.
  • B. Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze both APIs. Configure Amazon GuardDuty to block malicious attempts to access the APIs.
  • C. Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.
  • D. Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to protect the legacy API. Configure Amazon GuardDuty to block malicious attempts to access the APIs.
Suggested Answer: C

Comments

AwsBRFan
Highly Voted 2 years, 7 months ago
Selected Answer: C
Agree with C - single EC2 instance, so WAF does not apply to the legacy API (WAF is for ALB, API Gateway, CloudFront)
upvoted 7 times
Pete987
Most Recent 2 years, 1 month ago
Can it not be B? Lambda scanning using Inspector is in the preview stage, though. AWS Documentation: Amazon Inspector support for AWS Lambda functions provides continuous, automated security vulnerability assessments for Lambda functions and layers. Amazon Inspector offers two types of scanning for Lambda. These scan types look for different types of vulnerabilities. Amazon Inspector Lambda standard scanning: This is the default Lambda scan type. Lambda standard scanning scans application dependencies within a Lambda function and its layers for package vulnerabilities. Amazon Inspector Lambda code scanning: This scan type scans the custom application code in your functions and layers for code vulnerabilities. You can either activate Lambda standard scanning or activate Lambda standard scanning together with Lambda code scanning.
upvoted 1 times
andras
2 years, 1 month ago
Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions.
upvoted 1 times
ArreRaja
2 years, 7 months ago
GuardDuty only monitors and provides a JSON to other services (Lambda, EventBridge, etc.) that will do the blocking
upvoted 1 times
SGES
2 years, 7 months ago
Agreed with C
upvoted 1 times
Rocketeer
2 years, 7 months ago
Why not B?
upvoted 1 times
Rocketeer
2 years, 7 months ago
Changing my answer to C as Amazon Inspector only looks at EC2 and ECRs.
upvoted 1 times
syaldram
2 years, 3 months ago
Doesn't Inspector scan Lambda functions too?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other