Exam SOA-C03 Topic 2 Question 102 Discussion

Actual exam question for Amazon's SOA-C03 exam
Question #: 102
Topic #: 2

A company deploys an application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The company wants to protect the application from SQL injection attacks.
Which solution will meet this requirement?

A. Deploy AWS Shield Advanced in front of the ALB. Enable SQL injection filtering. B. Deploy AWS Shield Standard in front of the ALB. Enable SQL injection filtering. C. Deploy a vulnerability scanner on each EC2 instance. Continuously scan the application code. D. Deploy AWS WAF in front of the ALB. Subscribe to an AWS Managed Rule for SQL injection filtering.

Suggested Answer: D Vote an answer

The AWS Cloud Operations and Security documentation confirms that AWS WAF (Web Application Firewall) is designed to protect web applications from application-layer threats, including SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
When integrated with an Application Load Balancer, AWS WAF inspects incoming traffic using rule groups. The AWS Managed Rules for SQL Injection Protection provide preconfigured, continuously updated filters that detect and block malicious SQL patterns.
AWS Shield (Standard or Advanced) defends against DDoS attacks, not application-layer SQL attacks, and vulnerability scanners (Option C) only detect, not prevent, exploitation.
Thus, Option D provides the correct, managed, and automated protection aligned with AWS best practices.

by Basil at Dec 19, 2025, 11:19 AM

Limited Time Offer

15%

Off

Get Premium SOA-C03 Questions as Interactive Self Test Engine or PDF

Comments

0 Satisfied Customers

0 Shares

0 Demo Downloads

10 Years in Business