A web application is deployed in the AWS Cloud. It consists of a two-tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross-site scripting (XSS) attacks.
What should a solutions architect do to remediate the vulnerability?
A. Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
B. Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
C. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
D. Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard.
Answer: C
Explanation:
Working with cross-site scripting match conditions
Attackers sometimes insert scripts into web requests in an effort to exploit vulnerabilities in web applications. You can create one or more cross-site scripting match conditions to identify the parts of web requests, such as the URI or the query string, that you want AWS WAF Classic to inspect for possible malicious scripts. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious scripts.
Web Application Firewall
You can now use AWS WAF to protect your web applications on your Application Load Balancers. AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-xss-conditions.html
https://aws.amazon.com/elasticloadbalancing/features/