AWS Certified Solutions Architect – Associate (SAA-C02) — Question 53
A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The company strictly requires that the application be resilient against malicious internet activity and attacks, and protect against new common vulnerabilities and exposures.
What should the solutions architect recommend?
Answer options
- A. Leverage Amazon CloudFront with the ALB endpoint as the origin.
- B. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB.
- C. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked.
- D. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances.
Correct answer: C
Explanation
The correct answer is C because AWS Shield Advanced provides comprehensive protection against DDoS attacks and helps safeguard against common vulnerabilities and exposures. Options A and B do not directly address the requirement for resilience against malicious activity at the level needed for common vulnerabilities and exposures. Option D restricts access but does not provide a robust defense against a wider range of attacks.