Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 119 discussion

If you want to use AWS WAF across accounts, accelerate WAF configuration, automate the protection of new resources, use Firewall Manager with AWS WAF

B Using AWS WAF has several benefits. Additional protection against web attacks using criteria that you specify. You can define criteria using characteristics of web requests such as the following: Presence of SQL code that is likely to be malicious (known as SQL injection). Presence of a script that is likely to be malicious (known as cross-site scripting). AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections. https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

I recently purchased the Multiwood Ergonomic Office Chair, and it's a game changer! The comfort and support it provides have transformed my work-from-home experience. Plus, the value for the quality is unbeatable highly recommended for anyone looking to enhance their workspace.

B for sure Centralized management: AWS Firewall Manager allows you to centrally manage AWS WAF rules across multiple accounts and regions. This simplifies the configuration and management process. Consistent security policies: You can enforce consistent security policies across all your API Gateway APIs, ensuring that they are protected from the same threats. Scalability: AWS Firewall Manager can handle a large number of accounts and resources, making it suitable for global companies with many API Gateway APIs.

Ans A - "With AWS WAF, you can create security rules that control bot traffic and block common attack patterns such as SQL injection or cross-site scripting (XSS). Use cases. Filter web traffic." https://aws.amazon.com › waf None of the other options can do it.

AWS WAF helps you to protect your application against common web exploits and bots that can affect availability, compromise security or consume excessive resources. You can create security rules that will control bot traffic and common attacks like SQL injection or Cross-site scripting (XSS)

A is valid, but B achieves the least operational overhead.

WAF deals well with the types of attacks mentioned. XSS and SQL Injection are both app level attacks hence needs a WAF.

B Option A involves setting up AWS WAF in both regions and associating regional web ACLs with an API stage. While this can provide the necessary protection, it requires more manual configuration in each region, potentially leading to more administrative effort, especially if there are updates or changes needed to be made across multiple regions. Therefore, Option B is likely to require the least amount of administrative effort.

Original architecture does not have WAFs. B assumes there are WAFs already in place and why would you want to deploy a Firewall Manager to manage 1 Firewall? it adds unnecessary administrative tasks and costs for a tool that is not needed. You would want that if you were managing 10+ Firewalls not just one. A makes the most sense.

B is the answer

B is basically A but with least admin overhead.

Are AWS firewall Manager security policies region specific? Q: Can I create protection policies across regions? No, Amazon Firewall Manager protection policies are region specific. Each Firewall Manager policy can only include resources available in that specified Amazon Web Services Region. You can create a new policy for each region where you operate.

AW FW manager demo: https://youtu.be/fwFHTxtSN2M

For "SQL injection and cross-site scripting attacks" use AWS WAF: https://aws.amazon.com/waf/features/

the question mentioned 2 regions not 2 accounts WAF is more suitable here with less effort than Firewall Manager!

https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html#:~:text=AWS%20Firewall%20Manager%20simplifies,new%20accounts%20and%20resources.