Secure Architecture I

Equip yourself with the necessary understanding to confidently tackle exam questions by reviewing assessment questions and explanations against all options.

Question 14

An AI-based startup is preparing to launch its three-tier web application using third-party Domain Name Services (DNS). The application takes an image and analyzes it to label its content. The application is deployed over multiple EC2 instances behind an Application Load Balancer (ALB). The application and database layers are deployed in the private subnet of the Virtual Private Cloud (VPC).

A solutions architect must recommend a solution that protects against large-scale DDoS attacks and SQL injections with the least operational overhead.

A. Use AWS Shield to ALB to protect against DDoS attacks, attach AWS WAF in front of the ALB, and associate appropriate web ACLS with WAF.

B. Attach AWS Shield Advanced and WAF to Application Load Balancer (ALB) to block all the SQL injection and manage large-scale DDoS attacks automatically.

C. Use AWS Shield with ALB to protect against DDoS attacks and Amazon Inspector to block all SQL injection attempts automatically.

D. Use AWS WAF in front of the ALB and Amazon Inspector to block all SQL injection attempts automatically.

Get hands-on with 1400+ tech skills courses.