Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 77 discussion

i think B

it a B good answer. B. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB. WAF have this options for solutions. https://aws.amazon.com/waf/features/ Web traffic filtering AWS WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs. This gives you an additional layer of protection from web attacks that attempt to exploit vulnerabilities in custom or third party web applications. In addition, AWS WAF makes it easy to create rules that block common web exploits like SQL injection and cross site scripting. AWS WAF allows you to create a centralized set of rules that you can deploy across multiple websites. This means that in an environment with many websites and web applications you can create a single set of rules that you can reuse across applications rather than recreating that rule on every application you want to protect.

AWS WAF (Web Application Firewall): It helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. By deploying AWS WAF with managed rules, you can block known attack patterns and vulnerabilities, including those identified as common vulnerabilities and exposures (CVEs). Application Load Balancer (ALB): Since the web application will run on EC2 instances behind an ALB, associating AWS WAF with the ALB allows you to inspect and filter incoming traffic before it reaches the instances. This provides an additional layer of protection against malicious activity.

ppl continue to play around a single word. if so - why use Shield when the question did not say Shields Advanced?! if a single word for you makes sense to drop WAF, then a single word for me says to drop Shield, because basic shield does not include WAF, and Shields protects against layer4 attacks, which is NOT what the question is asking B

C is the answer

" If you’re prone to frequent DDoS attacks, consider purchasing Shield Advanced"

Needs WAF for ALB, not shield

B is the right answer

While AWS WAF is a firewall that can protect you from multiple types of attacks and provide various options for whitelisting, AWS Shield is a single-purpose service. AWS Shield is a managed Distributed Denial of Service (DDoS) protection tool for your AWS-based applications

This is a dumb question. check this out:https://aliceandbob.company/services/continuous-improvement/managed-perimeter-protection/ my understanding is , if you have more funding, than Shield, if no, go with WAF the mini.

AWS WAF is a firewall that can protect you from multiple types of attacks and provide various options for whitelisting, AWS Shield is a single-purpose service. AWS Shield is a managed Distributed Denial of Service (DDoS) protection tool for your AWS-based applications

AWS Shield Advanced includes WAF for free. So the solution warrants both Shield and WAF measures.

AWS Shield Advanced capabilities and options A AWS Shield Advanced subscription includes the following capabilities and options. These supplement the DDoS detection and mitigation capabilities that you already receive with AWS. * AWS WAF integration * Automatic application layer DDoS mitigation * Health-based detection * Protection groups * Enhanced visibility into DDoS events and attacks * Centralized management of Shield Advanced protections by AWS Firewall Manager * AWS Shield Response Team (SRT) * Proactive engagement * Cost protection opportunities https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-summary-capabilities.html

C is correct. See comment from Alouch47.

ANS C my 2 cents : "high premium on the application's resilience to hostile internet activities and assaults" --> Shields Advanced (WAF included)

B is good.

Should be C. Because the question mentioned ALB that implicit it’s a layer 7 DDoS attack. So shield is a better option here.