Correct Answers: A and D.
AWS WAF can be deployed with the following resources to protect web applications & APIs from common web exploits.
a.
Application Load Balancer.
b.
Amazon CloudFront.
c.
Amazon API Gateway.
d.
AWS AppSync.
Options B, C & E are incorrect as AWS WAF is not integrated with Internet Gateway, Amazon EC2 instance or Amazon S3 bucket.
For more information on AWS WAF, refer to the following URL:
https://aws.amazon.com/waf/
AWS WAF (Web Application Firewall) is a managed service that helps protect web applications against a wide range of web exploits that could affect the application's availability, compromise the security of the application or the data stored in it, or violate compliance requirements.
AWS WAF can integrate with several AWS services to provide protection for web applications. The correct answer to the question is A and D, as AWS WAF can integrate with Amazon CloudFront and Application Load Balancer (ALB).
A. Amazon CloudFront Amazon CloudFront is a content delivery network (CDN) that can distribute content to users around the world with low latency and high transfer speeds. When AWS WAF integrates with Amazon CloudFront, it can inspect and filter traffic that is sent to the web application through the CDN. This integration allows AWS WAF to protect against common web exploits such as SQL injection, cross-site scripting (XSS), and distributed denial of service (DDoS) attacks.
D. Application Load Balancer Application Load Balancer (ALB) is a load balancing service that can distribute incoming traffic across multiple targets, such as EC2 instances, containerized applications, and Lambda functions. When AWS WAF integrates with an ALB, it can inspect and filter traffic before it reaches the targets. This integration allows AWS WAF to protect against common web exploits such as SQL injection, cross-site scripting (XSS), and HTTP flooding.
B. Internet Gateway An internet gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in a VPC and the internet. However, AWS WAF cannot integrate with an internet gateway to protect web applications. Instead, AWS WAF is integrated with a web application hosted on an EC2 instance or behind an ALB.
C. Web server hosted on Amazon EC2 instance. When a web application is hosted on an Amazon EC2 instance, AWS WAF can integrate with the web server to provide protection against common web exploits. AWS WAF can be deployed on a separate instance, which acts as a reverse proxy, or as a software module on the web server itself. This integration allows AWS WAF to protect against common web exploits such as SQL injection, cross-site scripting (XSS), and HTTP flooding.
E. Static Website hosted on Amazon S3 bucket. When a static website is hosted on an Amazon S3 bucket, AWS WAF cannot integrate with the website to provide protection against common web exploits. AWS WAF is designed to integrate with web applications that are hosted on web servers or behind load balancers. However, S3 bucket can be protected from malicious access through S3 bucket policies and access control lists (ACLs).
In conclusion, AWS WAF can integrate with Amazon CloudFront and Application Load Balancer (ALB) to protect web applications against common web exploits such as SQL injection, cross-site scripting (XSS), and HTTP flooding.