Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 487

A company hosts its primary API on AWS by using an Amazon API Gateway API and AWS Lambda functions that contain the logic for the API methods. The company’s internal applications use the API for core functionality and business logic. The company’s customers use the API to access data from their accounts. Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance.

The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.

What should a solutions architect do to meet these requirements?

Use AWS WAF to protect both APIs. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze both APIs. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway API. Configure Amazon Inspector to analyze the legacy API. Configure Amazon GuardDuty to monitor for malicious attempts to access the APIs.

Use AWS WAF to protect the API Gateway AP! Configure Amazon Inspector to protect the legacy API. Configure Amazon GuardDuty to block malicious attempts to access the APIs.

Correct Answer: C

To increase security, use AWS WAF to protect the Amazon API Gateway API as it helps to prevent denial of service (DoS) attacks and common exploits. Configure Amazon Inspector to analyze the legacy API running on an EC2 instance to check for vulnerabilities. Finally, use Amazon GuardDuty to monitor for malicious attempts to access both the APIs, as GuardDuty is designed to continuously monitor and analyze for potential threats.

Discussion

ebbff63Option: C

GuardDuty only monitors but doesn't block malicious attempts. So answer is C

HelpnosenseOption: C

Not A because the question only say "Several customers also have access to a legacy API that is running on a single standalone Amazon EC2 instance." There is no ALB or cloudfront mentioned so WAF can't be attached to EC2 directly.

mifuneOption: A

"The company wants to increase the security for these APIs to better prevent denial of service (DoS) attacks, check for vulnerabilities, and guard against common exploits.", so I understand that we have to protect BOTH, and GuardDuty does not block anything... The answer for me is A

toma

how are you going to attache WAF to ec2? :)

gfhbox0083

C, for sure. AWS GuardDuty is a monitoring and threat detection service and does not directly block malicious activities. GuardDuty is designed to continuously monitor and analyze your AWS accounts and workloads for potential threats using machine learning, anomaly detection, and integrated threat intelligence.

zapper1234

B becuase this protects both API's