AWS Certified SysOps Administrator Practice Exam

What is one effective method for securing applications served via Amazon CloudFront?

• A. Set up SSL certificates on all endpoints
• B. Use AWS Web Application Firewall (WAF) on CloudFront
• C. Deploy AWS Shield on your servers
• D. Restrict access using security groups only

The correct answer is: Use AWS Web Application Firewall (WAF) on CloudFront

Using AWS Web Application Firewall (WAF) on CloudFront is an effective method for securing applications served through this content delivery network. AWS WAF enables users to create security rules that filter out malicious web requests and block common attack patterns such as SQL injection and cross-site scripting (XSS). By integrating WAF with CloudFront, you can ensure that only legitimate traffic reaches your application. This solution not only protects against web exploits but also allows you to use rate limiting to mitigate DDoS attacks and filter based on geographic restrictions, IP addresses, or request patterns. With the rising threats in web applications, leveraging AWS WAF with CloudFront provides an additional layer of security directly at the edge, enhancing the protection before the requests even reach your origin servers. Considering other options, setting up SSL certificates is important for securing data in transit, but it does not directly protect against application-layer threats. Similarly, deploying AWS Shield is designed for DDoS protection at a broader level but does not offer the specific request filtering capabilities of AWS WAF. Relying solely on security groups restricts access at the network level but does not address application-level vulnerabilities or threats that WAF is designed to mitigate.