AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A solutions architect needs to enhance the security of a public-facing application. The application should be safeguarded from widespread Internet threats including, but not limited to, automated bots and vulnerabilities like injections. Additionally, it must have capabilities to thwart bursts of illegitimate requests. Which of the following should the architect recommend to fulfill these requirements?
A service for managing user identities and federations
A service focused on monitoring and controlling web traffic with customizable security rules
A service dedicated to guarding against DDoS attacks
A service for the storage and management of sensitive information and credentials
The correct service for these requirements is a web application firewall that offers protection against typical web-based threats, including filtering capabilities based on patterns such as SQL injections and customizable rules for managing the rate of incoming requests. AWS WAF is the service designed to provide this level of protection, allowing administrators to create custom rules that target and block specific exploits and forms of undesirable traffic. Whereas, the other options do not provide the level of traffic filtering and rule customization necessary for these particular security measures against web threats. AWS Shield focuses on DDoS protection without detailed rule customization, the Secrets Manager service is intended for managing secrets, and IAM Identity Center is for identity management, not direct web traffic control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What features does AWS WAF provide for enhanced security?
Open an interactive chat with Bash
How does AWS Shield differ from AWS WAF?
Open an interactive chat with Bash
What types of attacks can AWS WAF help protect against?