AWS Certified Solutions Architect – Associate (SAA-C03) — Question 881
A company hosts a video streaming web application in a VPC. The company uses a Network Load Balancer (NLB) to handle TCP traffic for real-time data processing. There have been unauthorized attempts to access the application.
The company wants to improve application security and prevent unauthorized attempts to access the application, with minimal architectural change.
Which solution will meet these requirements?
Answer options
- A. Implement a series of AWS WAF rules directly on the NLB to filter out unauthorized traffic.
- B. Recreate the NLB with a security group to allow only trusted IP addresses.
- C. Deploy a second NLB in parallel with the existing NLB configured with a strict IP address allow list.
- D. Use AWS Shield Advanced to provide enhanced DDoS protection and prevent unauthorized access attempts.
Correct answer: D
Explanation
AWS Shield Advanced can be associated directly with Network Load Balancers to provide advanced DDoS protection and mitigate unauthorized access attempts with minimal architectural changes. AWS WAF cannot be attached directly to an NLB, which makes option A invalid. Recreating the NLB or deploying a parallel one introduces unnecessary architectural complexity without providing the specialized threat protection of Shield Advanced.