Question
A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently. The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public Application Load Balancer (ALB) will provide end users with access to the application. The company must prevent attacks and ensure business continuity with minimal service interruptions during an ongoing attack. Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Create an Amazon CloudFront distribution with the ALB as the origin. Add a custom header and random value on the CloudFront domain. Configure the ALB to conditionally forward traffic if the header and value match.
B. Deploy the application in two AWS Regions. Configure Amazon Route 53 to route to both Regions with equal weight.
C. Configure auto scaling for Amazon ECS tasks. Create a DynamoDB Accelerator (DAX) cluster.
D. Configure Amazon ElastiCache to reduce overhead on DynamoDB.
E. Deploy an AWS WAF web ACL that includes an appropriate rule group. Associate the web ACL with the Amazon CloudFront distribution.
Answer
A. Create an Amazon CloudFront distribution with the ALB as the origin. Add a custom header and random value on the CloudFront domain. Configure the ALB to conditionally forward traffic if the header and value match.
E. Deploy an AWS WAF web ACL that includes an appropriate rule group. Associate the web ACL with the Amazon CloudFront distribution.
Explanation
The correct answer is A and E.
- A. Create an Amazon CloudFront distribution with the ALB as the origin. Add a custom header and random value on the CloudFront domain. Configure the ALB to conditionally forward traffic if the header and value match.
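Because the ALB is public, attackers could otherwise send requests to it directly. CloudFront adds the custom header and random value to the requests it sends to the origin, and the ALB forwards only requests in which the header and value match, so traffic that does not come through the CloudFront distribution is not forwarded to the application. This adds an extra layer of security and makes it more difficult for attackers to spoof traffic and gain access to the application.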
- E. Deploy an AWS WAF web ACL that includes an appropriate rule group. Associate the web ACL with the Amazon CloudFront distribution.
AWS WAF is a web application firewall that can help to protect the application from a variety of attacks, including common web vulnerabilities, SQL injection, and cross-site scripting. By deploying an AWS WAF web ACL and associating it with the Amazon CloudFront distribution, the company can add another layer of protection to the application.
The other options are not as cost-effective as A and E.
- B. Deploy the application in two AWS Regions. Configure Amazon Route 53 to route to both Regions with equal weight.
This is a good way to ensure business continuity, but it is more expensive than deploying the application in a single Region.
- C. Configure auto scaling for Amazon ECS tasks. Create a DynamoDB Accelerator (DAX) cluster.
This is a good way to improve performance and scalability, but it adds capacity rather than blocking attack traffic, and it is not as cost-effective as deploying an AWS WAF web ACL.
- D. Configure Amazon ElastiCache to reduce overhead on DynamoDB.
This is a good way to improve performance and scalability, but it does not block attack traffic, and it is not as cost-effective as deploying an AWS WAF web ACL.
In conclusion, the combination of A and E is the most cost-effective way to meet the company’s requirements.
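The following Python example is added here to illustrate option A and is not part of the original question or any AWS-provided code. It builds the CloudFront origin custom header and the ALB listener rule in the shapes the AWS APIs use, then checks locally which requests the rule would forward; the header name `X-Origin-Verify`, the placeholder target group ARN, and the simplified `alb_decision` model are assumptions.

```python
import secrets

HEADER = "X-Origin-Verify"  # hypothetical header name (assumption)
TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"  # placeholder

def new_secret():
    # Hex only: ALB header conditions treat * and ? as wildcards; max 128 chars.
    return secrets.token_hex(32)

def origin_custom_headers(secret):
    # Shape of CloudFront's Origin.CustomHeaders: added to every origin request.
    return {"Quantity": 1, "Items": [{"HeaderName": HEADER, "HeaderValue": secret}]}

def listener_rule(accepted):
    # Shape of elbv2 create_rule arguments: forward only on a header match.
    return {
        "Priority": 1,
        "Conditions": [{"Field": "http-header",
                        "HttpHeaderConfig": {"HttpHeaderName": HEADER,
                                             "Values": list(accepted)}}],
        "Actions": [{"Type": "forward", "TargetGroupArn": TG_ARN}],
    }

# Listener default action: anything that matched no rule is rejected at the ALB.
DEFAULT_ACTION = {"Type": "fixed-response",
                  "FixedResponseConfig": {"StatusCode": "403",
                                          "ContentType": "text/plain",
                                          "MessageBody": "Forbidden"}}

def alb_decision(rule, headers):
    """Simplified local model of the rule: returns 'forward' or '403'."""
    cfg = rule["Conditions"][0]["HttpHeaderConfig"]
    sent = {k.lower(): v for k, v in headers.items()}.get(cfg["HttpHeaderName"].lower())
    # ALB compares header values case-insensitively.
    if sent is not None and sent.lower() in (v.lower() for v in cfg["Values"]):
        return rule["Actions"][0]["Type"]
    return DEFAULT_ACTION["FixedResponseConfig"]["StatusCode"]

def demo():
    old, new = new_secret(), new_secret()
    rule = listener_rule([old, new])  # rotation window: ALB accepts both values
    via_cloudfront = {h["HeaderName"]: h["HeaderValue"]
                      for h in origin_custom_headers(new)["Items"]}
    return (alb_decision(rule, via_cloudfront),           # came through CloudFront
            alb_decision(rule, {"Host": "alb.example"}),  # direct hit, no header
            alb_decision(rule, {HEADER: "guess"}))        # direct hit, wrong value

if __name__ == "__main__":
    print(demo())
```

Listing both the old and new values in the rule lets the secret be rotated without interrupting traffic; once CloudFront sends only the new value, the old one is removed from the rule.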
Practice question and answer, with detailed explanation, for the Amazon AWS Certified Solutions Architect – Professional (SAP-C02) certification exam.