Q65 — AWS SAA-C03 Ch.1


Q65. A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets. Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

A. Create a usage plan with an API key that is shared with genuine users only.
B. Integrate logic within the Lambda function to ignore the requests from fraudulent addresses.
C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
D. Convert the existing public API to a private API and update the DNS records to redirect users to the new API endpoint.
E. Create an IAM role for each user attempting to access the API.

Correct Answer: A. Create a usage plan with an API key that is shared with genuine users only., C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.

Explanation

To block requests from unauthorized users in a serverless application built on Amazon API Gateway and AWS Lambda, the solutions architect should combine two controls that act before the Lambda function is invoked:

A. Create a usage plan with an API key that is shared with genuine users only. With a usage plan in place and ApiKeyRequired set on the API methods, API Gateway rejects any request that does not carry a valid x-api-key header with 403 Forbidden, and it throttles or quota-limits each key individually (excess requests get 429 Too Many Requests). Neither response reaches Lambda, so the fraudulent traffic stops generating invocations. Note the caveat AWS itself documents: API keys identify and meter callers, they are a shared secret sent in a header and are not a substitute for authentication. For a real identity check the API should also use IAM authorization, an Amazon Cognito user pool, or a Lambda authorizer; for this exam question, however, the usage plan is the intended answer.

C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out. A WAF web ACL associated with the API Gateway stage inspects every request at the edge and can block on source IP, geography, headers, request patterns, AWS managed rule groups such as the Amazon IP reputation list, and rate-based rules that block any IP exceeding a request threshold in a five-minute window. That is exactly the tooling for botnet-driven spikes, and it works whether or not the bots have obtained an API key.

Option B (integrate logic within the Lambda function to ignore requests from fraudulent addresses) is the wrong layer: every bot request would still be authenticated, routed, and invoked, so the company keeps paying for and scaling on the fraudulent traffic, and the filtering list has to be maintained in application code. AWS WAF does the same filtering before the function runs.

Option D (convert the public API to a private API and update DNS) does not fit a publicly accessible application. A private REST API is reachable only through a VPC interface endpoint, so legitimate Internet users would lose access too, and changing DNS records filters nobody.

Option E (create an IAM role for each user attempting to access the API) is neither workable nor relevant. API Gateway's IAM authorization relies on SigV4-signed requests from principals that already hold AWS credentials; minting one role per end user of a public application does not scale and does nothing about the volume of unauthenticated botnet requests hitting the endpoint.

Therefore, the correct combination is A (create a usage plan with an API key) and C (implement an AWS WAF rule).
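The two controls above as they would actually be deployed, in a CloudFormation template. This is an added example, not part of the exam page or of any AWS sample: the API name, stage, key name, throttle and rate limits, and the LambdaFunctionArn parameter are assumptions. It requires an API key on the GET method (option A), attaches a usage plan that throttles per key, and associates a regional WAF web ACL with a rate-based rule plus the AWS IP reputation managed rule group to the stage (option C).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
# Added example (assumed names and limits). Deploy in the same region as the
# Lambda function; WAFv2 REGIONAL web ACLs must live where the API does.
Parameters:
  LambdaFunctionArn:
    Type: String   # ARN of the existing backend function (assumed to exist)
  StageName:
    Type: String
    Default: prod
Resources:
  RestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: orders-api
  # Option A, part 1: ApiKeyRequired makes API Gateway return 403 for any request
  # without a valid x-api-key header, before the Lambda integration is invoked.
  # This identifies and meters callers; it is not authentication (AuthorizationType
  # NONE here). Swap in AWS_IAM, COGNITO_USER_POOLS or CUSTOM for a real identity check.
  GetOrdersMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref RestApi
      ResourceId: !GetAtt RestApi.RootResourceId
      HttpMethod: GET
      AuthorizationType: NONE
      ApiKeyRequired: true
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionArn}/invocations
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref LambdaFunctionArn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/GET/
  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: GetOrdersMethod
    Properties:
      RestApiId: !Ref RestApi
  Stage:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref RestApi
      DeploymentId: !Ref Deployment
      StageName: !Ref StageName
  # Option A, part 2: usage plan with per-key throttling and quota; requests over
  # the limit get 429 and never reach Lambda. One key per genuine customer.
  UsagePlan:
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      UsagePlanName: genuine-customers
      ApiStages:
        - ApiId: !Ref RestApi
          Stage: !Ref Stage
      Throttle: {RateLimit: 50, BurstLimit: 100}
      Quota: {Limit: 100000, Period: DAY}
  CustomerApiKey:
    Type: AWS::ApiGateway::ApiKey
    Properties:
      Name: customer-acme
      Enabled: true
  UsagePlanKey:
    Type: AWS::ApiGateway::UsagePlanKey
    Properties:
      KeyId: !Ref CustomerApiKey
      KeyType: API_KEY
      UsagePlanId: !Ref UsagePlan
  # Option C: WAF web ACL on the stage. Rule 0 blocks sources on the AWS IP
  # reputation list; rule 1 blocks any IP sending more than 500 requests per 5 min.
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: orders-api-acl
      Scope: REGIONAL
      DefaultAction: {Allow: {}}
      VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: ordersApiAcl}
      Rules:
        - Name: block-ip-reputation
          Priority: 0
          OverrideAction: {None: {}}   # managed rule groups take OverrideAction, not Action
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: ipReputation}
        - Name: rate-limit-per-ip
          Priority: 1
          Action: {Block: {}}
          Statement:
            RateBasedStatement:
              Limit: 500
              AggregateKeyType: IP
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rateLimitPerIp}
  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Sub arn:aws:apigateway:${AWS::Region}::/restapis/${RestApi}/stages/${Stage}
      WebACLArn: !GetAtt WebAcl.Arn
```

After deployment, a request without x-api-key returns 403 from API Gateway and a key that exceeds 50 requests/second returns 429, in both cases with no Lambda invocation; the rate-based rule takes a few minutes of sampled traffic before it starts blocking, so the Sampled requests view in the WAF console is the place to confirm which IPs it has caught. Distribute the API key out of band to genuine customers only and rotate it if it leaks, since anyone holding it is metered as that customer.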