AWS Certified Solutions Architect – Associate (SAA-C03) — Question 1002
A company uses Amazon API Gateway to manage its REST APIs that third-party service providers access. The company must protect the REST APIs from SQL injection and cross-site scripting attacks.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Configure AWS Shield.
- B. Configure AWS WAF.
- C. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS Shield in CloudFront.
- D. Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront.
Correct answer: B
Explanation
AWS WAF can be integrated directly with Amazon API Gateway stages, making it the most operationally efficient solution to block SQL injection and cross-site scripting attacks. AWS Shield (Options A and C) is intended for DDoS mitigation rather than for filtering application-layer injection attacks such as SQL injection (SQLi) and cross-site scripting (XSS). While Option D also works, introducing Amazon CloudFront adds unnecessary infrastructure complexity and management overhead compared to native AWS WAF integration with API Gateway.