Secure Architecture IV
Prepare for the AWS Certified Solutions Architect Associate SAA-C03 Certificate exam by tackling practice questions that focus on securing your infrastructure using AWS WAF (Web Application Firewall), Amazon Inspector, AWS Key Management Service (KMS), Amazon GuardDuty, and AWS Macie.
We'll cover the following
Question 33
A company hosts a highly popular web application on Amazon S3, which serves static and dynamic content. To ensure global availability and low latency, it uses Amazon CloudFront as a content delivery network (CDN). Recently, the company has faced security challenges such as SQL injection and cross-site scripting (XSS) attacks, which have compromised the integrity of its web application. The company wants to enhance the security and performance of its CloudFront distribution without significantly impacting performance, increasing costs, or complexity.
As a solutions architect, recommend a solution that fulfills the requirements.
A. Enable geo-restriction to restrict access based on the geographic location of the users.
B. Configure CloudFront to use AWS WAF (Web Application Firewall) to protect against common web exploits.
C. Enable AWS Shield Standard to protect the CloudFront distribution from SQL injection and cross-site scripting (XSS) attacks.
D. Configure AWS Firewall Manager rules for Amazon CloudFront to protect against SQL injection and cross-site scripting (XSS) attacks.
Get hands-on with 1400+ tech skills courses.