Q: 10
A company runs an ecommerce web application on AWS. The web application is hosted as a static
website on Amazon S3 with Amazon CloudFront for content delivery. An Amazon API Gateway API
invokes AWS Lambda functions to handle user requests and order processing for the web application.
The Lambda functions store data in an Amazon RDS for MySQL DB cluster that uses On-Demand
Instances. The DB cluster usage has been consistent in the past 12 months. Recently, the website has
experienced SQL injection and web exploit attempts. Customers also report that order processing
time has increased during periods of peak usage. During these periods, the Lambda functions often
have cold starts. As the company grows, the company needs to ensure scalability and low-latency
access during traffic peaks. The company also must optimize the database costs and add protection
against the SQL injection and web exploit attempts. Which solution will meet these requirements?
Options
Discussion
Option D. Official practice and whitepapers both highlight WAF and Reserved Instances in this scenario. Lab walkthroughs help solidify this combo.
Why would anyone pick Shield Advanced alone over WAF for SQL injection protection here? Shield’s more about DDoS, but WAF actually blocks those web exploits. Am I missing some hidden use case?
Option D seems to fit unless there's a requirement for autoscaling RDS, which isn't mentioned. If the DB usage suddenly dropped off or spiked hard, Aurora Serverless (option C) might edge it out. Think D is safest barring that edge case.
B. not C. Reserved Instances fit steady usage, and WAF actually blocks the SQL injection risk.
Nah, I don't think B makes sense. Inspector isn't used for web app attacks like SQL injection, that's what WAF is for. D covers the Lambda cold start and gives RDS Reserved Instances for the steady DB use. C might trip people up, but Aurora Serverless is better for unpredictable demand, not this scenario.
D imo. WAF on CloudFront hits the SQL injection point, provisioned concurrency fixes those Lambda cold starts, and RDS Reserved Instances make sense for that steady usage. Pretty sure C's Aurora Serverless doesn't fit here.
I don’t see how C is right here since Aurora Serverless fits variable workloads, but the question says usage is steady. D.
I don't think it's A, D is better. Reserved Instances fit since DB usage is stable, and only D calls out WAF for SQL injection, not just Shield Advanced, which misses that exploit case.
Provisioned concurrency and Reserved Instances make a lot of sense here, so D fits. Also, AWS WAF with CloudFront is what you'd want for SQL injection protection, not just Shield Advanced. Pretty sure D covers all points but open to counterpoints.
Pretty sure D, official exam guide and practice test questions both hit on WAF plus Reserved Instances for steady workloads.
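
An added example, not part of the thread and not an AWS-published template: a CloudFormation template for the two template-expressible pieces the commenters attribute to option D, AWS WAF managed rules scoped to CloudFront and provisioned concurrency on a Lambda alias. Resource names, parameter names and the concurrency value are assumptions; Reserved Instances are a billing purchase and have no template resource.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
# Constructed example. Deploy in us-east-1, which Scope: CLOUDFRONT requires.
Parameters:
  OrderFunctionName:      # placeholder: an existing order-processing function
    Type: String
  OrderFunctionVersion:   # placeholder: a published version of that function
    Type: String
Resources:
  StorefrontWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: storefront-web-acl          # hypothetical name
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {}                       # allow unless a rule below blocks
      VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: storefrontWebAcl}
      Rules:
        - Name: aws-sqli                # AWS managed SQL injection rule group
          Priority: 0
          OverrideAction:
            None: {}                    # keep the rule group's own actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: awsSqli}
        - Name: aws-common              # AWS managed core rule set (common web exploits)
          Priority: 1
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: awsCommon}
  OrderFunctionLiveAlias:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName: !Ref OrderFunctionName
      FunctionVersion: !Ref OrderFunctionVersion  # must be a published version, not $LATEST
      Name: live
      ProvisionedConcurrencyConfig:
        ProvisionedConcurrentExecutions: 10       # constructed value; size from peak concurrency metrics
Outputs:
  WebAclArn:  # set as DistributionConfig.WebACLId on the CloudFront distribution
    Value: !GetAtt StorefrontWebAcl.Arn
```

A web ACL attached to the distribution only inspects requests that pass through CloudFront; if clients can call the API Gateway endpoint directly, that stage needs its own web ACL with `Scope: REGIONAL`.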