AWS Certified Solutions Architect – Associate (SAA-C02) — Question 13

A web application is deployed in the AWS Cloud. It consists of a two-tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross-site scripting (XSS) attacks.
What should a solutions architect do to remediate the vulnerability?

Answer options

• A. Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
• B. Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
• C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
• D. Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard.

Correct answer: C

Explanation

The correct answer is C because using an Application Load Balancer with AWS WAF helps filter and monitor HTTP requests to protect against XSS attacks effectively. Options A and B utilize Classic and Network Load Balancers, which do not provide the necessary application-layer filtering that WAF offers. Option D, while it mentions AWS Shield Standard, does not address the specific vulnerabilities associated with XSS attacks as effectively as using WAF.