SAP-C02 · Question #484
The correct answer is D: Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load.
Question
A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone. The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:
- Inbound requests must be filtered for common vulnerability attacks.
- Rejected requests must be sent to a third-party auditing application.
- All resources should be highly available.

Which solution meets these requirements?
Options
- A. Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load
- B. Configure an Application Load Balancer (ALB) and add the EC2 instances as targets. Create a
- C. Configure an Application Load Balancer (ALB) along with a target group adding the EC2
- D. Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load
Explanation
To re-architect for high availability, security filtering, and auditing, deploy the application on a Multi-AZ Auto Scaling group behind an Application Load Balancer (ALB) integrated with AWS WAF for attack filtering and Kinesis Data Firehose for logging rejected requests to a third-party auditor.
Common mistakes.
- A. This choice is structurally identical to D; however, D is specified as the correct answer, implying A is not the selected choice.
- B. This solution lacks explicit high availability for the EC2 instances themselves, only mentioning adding them as targets to an ALB without specifying a Multi-AZ Auto Scaling group.
- C. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior, but it does not function as a web application firewall to filter inbound requests for common vulnerability attacks at the edge.
Concept tested. Web application security, high availability, logging and auditing
Reference. https://docs.aws.amazon.com/waf/latest/developerguide/waf-logging.html