AWS Certified Solutions Architect – Associate (SAA-C03) — Question 243

A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.

What should a solutions architect recommend to meet these requirements?

Answer options

• A. Configure AWS WAF rules and associate them with the ALB.
• B. Deploy the application using Amazon S3 with public hosting enabled.
• C. Deploy AWS Shield Advanced and add the ALB as a protected resource.
• D. Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.

Correct answer: A

Explanation

The correct answer is A because configuring AWS WAF rules allows the company to actively filter and protect against application-level attacks directly at the ALB. Option B does not provide adequate security measures, while option C, although protective, involves more complexity and responsibility than the company is prepared to handle. Option D unnecessarily complicates the architecture by introducing additional components that increase management overhead.