Topic 1 Question 340
A media company hosts its website on AWS. The website application’s architecture includes a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) and a database that is hosted on Amazon Aurora. The company’s cybersecurity team reports that the application is vulnerable to SQL injection.
How should the company resolve this issue?
Use AWS WAF in front of the ALB. Associate the appropriate web ACLs with AWS WAF.
Create an ALB listener rule to reply to SQL injections with a fixed response.
Subscribe to AWS Shield Advanced to block all SQL injection attempts automatically.
Set up Amazon Inspector to block all SQL injection attempts automatically.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: A
A. Use AWS WAF in front of the ALB. Associate the appropriate web ACLs with AWS WAF.
SQL Injection - AWS WAF DDoS - AWS Shield
👍 14Bhawesh2023/02/17 Answer - A https://aws.amazon.com/premiumsupport/knowledge-center/waf-block-common-attacks/#:~:text=To%20protect%20your%20applications%20against,%2C%20query%20string%2C%20or%20URI.
Protect against SQL injection and cross-site scripting To protect your applications against SQL injection and cross-site scripting (XSS) attacks, use the built-in SQL injection and cross-site scripting engines. Remember that attacks can be performed on different parts of the HTTP request, such as the HTTP header, query string, or URI. Configure the AWS WAF rules to inspect different parts of the HTTP request against the built-in mitigation engines.
👍 5jennyka762023/02/18- 正解だと思う選択肢: A
Bhawesh answers it perfect so I'm avoiding redundancy but agree on it being A.
👍 2pbpally2023/02/20
シャッフルモード