Q236. A company is running a two-tier web application on Amazon EC2. The web tier consists of an Application Load Balancer (ALB) backed by an Auto Scaling group of web server instances spanning multiple Availability Zones. The database tier is using Amazon Aurora MySQL. The company's security team has deployed AWS WAF and integrated it with the ALB to prevent SQL injection attacks against the application. Recently a security breach was reported in which the attacker was able to gain access to an individual web server and the company's database from random IP addresses. The security team was eventually able to write a better rule to match the SQL injection technique that the attacker had used. However, this process took about an hour from when the third-party security agent running on the EC2 instances successfully detected the attack. Which strategy allows the security team to protect the database and overall infrastructure?
A. Add an Amazon CloudFront layer to the existing architecture. Modify the AWS WAF association to integrate with CloudFront instead of the ALB. Change the web tier's security groups to allow IP addresses from CloudFront only. Use Lambda@Edge to perform request inspection and block repetitive suspicious requests.
B. Configure the third-party security agent to invoke an AWS Lambda function. The Lambda function should first check the web tier's Auto Scaling group to ensure there is more than one running instance; and if so then stop and quarantine the web server instance.
C. Enable Amazon Macie and turn on its integrations with Amazon EC2 and the Aurora MySQL database. Create a visual dashboard for the security team. Configure automated alerts and define AWS Lambda functions to automatically block detected attacks by modifying security groups within the VPC.
D. Deploy Amazon GuardDuty to analyze VPC Flow Logs. Configure an Amazon EventBridge rule that triggers an AWS Lambda function upon a GuardDuty alert. Configure the Lambda function to automatically block detected attacks by modifying security groups within the VPC.
Correct answer: A