AWS Certified Solutions Architect – Professional (SAP-C02) — Question 201

A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently.

The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public Application Load Balancer (ALB) will provide end users with access to the application. The company must prevent attacks and ensure business continuity with minimal service interruptions during an ongoing attack.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Answer options

• A. Create an Amazon CloudFront distribution with the ALB as the origin. Add a custom header and random value on the CloudFront domain. Configure the ALB to conditionally forward traffic if the header and value match.
• B. Deploy the application in two AWS Regions. Configure Amazon Route 53 to route to both Regions with equal weight.
• C. Configure auto scaling for Amazon ECS tasks Create a DynamoDB Accelerator (DAX) cluster.
• D. Configure Amazon ElastiCache to reduce overhead on DynamoDB.
• E. Deploy an AWS WAF web ACL that includes an appropriate rule group. Associate the web ACL with the Amazon CloudFront distribution.

Correct answer: A, E

Explanation

Option A is correct because using Amazon CloudFront with the ALB can provide a layer of protection against attacks while enhancing performance. Option E is also correct as deploying an AWS WAF web ACL helps in filtering malicious requests, securing the application further. Options B, C, and D are not as cost-effective as they involve additional resources and complexities that do not directly address the immediate need for attack mitigation.