A company runs an application on Amazon EC2 instances with an Amazon RDS database. Database credentials were configured using the principle of least privilege. The security team wants to protect both the application and the database from SQL injection and other web-based attacks with the LEAST operational overhead. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS WAF to protect the application. Use RDS parameter groups to configure the security settings..
Why this is the answer
The correct solution is to use AWS WAF to protect the application and RDS parameter groups for database security. AWS WAF (Web Application Firewall) is specifically designed to protect web applications from common web exploits like SQL injection, cross-site scripting, and other OWASP Top 10 vulnerabilities, directly addressing the requirement for protection against web-based attacks with minimal operational overhead. RDS parameter groups are used to manage the configuration of the RDS database, including security-related settings like SSL/TLS enforcement, which contributes to database security. Using security groups and network ACLs is a foundational security measure but doesn't provide application-layer protection against SQL injection. AWS Network Firewall is a managed firewall service for VPCs, offering broader network-level protection but not specialized web application protection like WAF. Using different database accounts with least privilege is a good practice for database security but doesn't protect the application layer from web exploits.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed