AWS Certified Solutions Architect – Associate (SAA-C03) — Question 133

A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks.
Which solution will meet these requirements with the LEAST amount of administrative effort?

Answer options

• A. Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.
• B. Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
• C. Set up AWS Shield in bath Regions. Associate Regional web ACLs with an API stage.
• D. Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.

Correct answer: B

Explanation

The correct answer is B because AWS Firewall Manager allows for centralized management of AWS WAF rules, reducing administrative overhead across multiple accounts and regions. Options A and C require separate configuration in each region, leading to more management effort, while option D does not provide comprehensive protection across both regions.