Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 637 discussion

You can use Shield with API. https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-summary-protected-resources.html WAF to protect the API Gateway, since it's exposed to external users.

B and C are the answers

WAF - ALB,API GATEWAY & CF SHIELD - Route 53, CF & Load Balancer

AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, CloudFront distributions, Route 53 hosted zones, and AWS Global Accelerator standard accelerators. AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources. You can protect the following resource types: Amazon CloudFront distribution Amazon API Gateway REST API Application Load Balancer AWS AppSync GraphQL API Amazon Cognito user pool https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

B : AWS Shield Advanced is used with NLB Get started protecting EC2 instances and Network Load Balancers Sign in to the AWS Management Console and navigate to the AWS WAF and AWS Shield console. Activate AWS Shield Advanced by choosing Activate AWS Shield Advanced and accepting the terms.

A is wrong WAF cannot be associated with NLB. NLB operates on layer 4 and it does not have visibility into application layer [1]. WAF, however, inspects layer 7 requests, operates on a different layer. As of today, WAF work with CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync [2]

AWS WAF for SQL injection and cross-site scripting (XSS) attacks. AWS Shield for DDos protection.

I think its BC