A company is building a new mobile app and must apply traffic filtering to protect its Application Load Balancer (ALB) from common application-layer attacks such as cross-site scripting and SQL injection. The company has minimal infrastructure and operational staff and wants to reduce its operational responsibility for managing and updating servers. What should a solutions architect recommend?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure AWS WAF rules and associate them with the ALB..
Why this is the answer
Configuring AWS WAF rules and associating them with the ALB is the correct solution because AWS WAF is a managed web application firewall service designed to protect web applications from common web exploits like SQL injection and cross-site scripting. It operates at the application layer (Layer 7) and integrates directly with ALBs, requiring minimal operational overhead, which aligns with the company's goal of reducing operational responsibility. Deploying the application using Amazon S3 with public hosting enabled does not provide application-layer filtering; S3 is an object storage service. Deploying AWS Shield Advanced primarily offers DDoS protection and is not designed for application-layer attack filtering like SQL injection or cross-site scripting, though it can be used in conjunction with WAF. Creating a new ALB with an EC2 instance running a third-party firewall introduces significant operational overhead and management responsibility, contrary to the company's requirements.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed