🧱 AWS WAF and AWS Shield - SOA-C03 Practice Questions

Review web ACLs, managed rules, rate-based rules, logging, Shield Standard and Advanced, and operational protection for public endpoints.

3 Questions Available
2 Exam Domains


SOA-C03 WAF & Shield Question Bank (3 Questions)

Browse all 3 practice questions covering AWS WAF and AWS Shield for the SOA-C03 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1: Security & Compliance

    An organization with 30 AWS accounts wants to ensure that AWS WAF Web ACLs with specific rules are applied to all ALBs and CloudFront distributions across every account. The security team should manage this centrally. Which AWS service provides this capability?

    A. AWS Organizations SCPs to enforce WAF attachment on all ALBs.
    B. AWS Firewall Manager, which allows the security team to create WAF policies that are automatically applied across all member accounts in the Organization.
    C. AWS CloudFormation StackSets to deploy WAF Web ACLs to all accounts.
    D. AWS Config rules to detect ALBs without WAF associations and send alerts.

    Answer hidden for practice.

  2. Question 2: Security & Compliance

    A company subscribes to AWS Shield Advanced to protect its public-facing ALBs, CloudFront distributions, and Elastic IPs. The SysOps Administrator wants to ensure that during a DDoS event, AWS experts are engaged automatically and that the company receives cost protection. Which Shield Advanced features provide these benefits?

    A. AWS Shield Advanced provides access to the AWS Shield Response Team (SRT) who can assist during active DDoS events, and DDoS cost protection that provides credits for scaling charges incurred due to DDoS attacks on protected resources.
    B. Shield Advanced automatically blocks all DDoS traffic without any customer action and provides free WAF rules.
    C. Shield Advanced only provides enhanced detection metrics; manual engagement with AWS Support is required.
    D. Shield Advanced provides the SRT but cost protection is only available with the Enterprise Support plan.

    Answer hidden for practice.

  3. Question 3: Security & Compliance

    A SysOps administrator needs to configure AWS WAF to protect an Application Load Balancer from SQL injection attacks. The administrator has created a web ACL but needs to add the appropriate rules. Which approach provides the MOST comprehensive protection with the LEAST configuration effort?

    A. Add the AWS Managed Rule group `AWSManagedRulesSQLiRuleSet` to the web ACL
    B. Create a custom rule with a regex pattern to match SQL injection strings
    C. Configure a rate-based rule to block IPs that send more than 100 requests per minute
    D. Add the AWS Managed Rule group `AWSManagedRulesCommonRuleSet` only

    Answer hidden for practice.


Key WAF & Shield Concepts for SOA-C03

waf, shield, web acl, managed rule, rate-based, ddos, logging

SOA-C03 WAF & Shield Exam Tips

AWS WAF and AWS Shield questions in SOA-C03 are typically scenario-based. Focus on operations, observability, incident response, and automated remediation. Priority concepts: waf, shield, web acl, managed rule, rate-based, ddos.

What SOA-C03 Expects

  • Anchor your answer in operational visibility and repeatable, runbook-ready automation.
  • WAF & Shield scenarios for SOA-C03 are frequently mapped to Domain 4 (16%) and Domain 5 (18%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where WAF & Shield interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value WAF & Shield Concepts

  • Know the core WAF & Shield building blocks cold: waf, shield, web acl, managed rule.
  • Review the edge-case features and limits for rate-based rules and DDoS; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how WAF & Shield pairs with CloudFront, Load Balancing, and Security & Compliance in real deployment patterns.
  • For SOA-C03, explain why the chosen WAF & Shield design meets reliability, security, and cost expectations better than the alternatives.

Common SOA-C03 Traps

  • Watch for answers that deploy quickly but are hard to monitor or recover.
  • Questions in Security and Compliance often include distractors that look correct for WAF & Shield but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two WAF & Shield implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Security and Compliance (16%) outcomes for SOA-C03?
  • Can you explain security and access boundaries for WAF & Shield without relying on default-open assumptions?
  • Can you describe how WAF & Shield integrates with CloudFront and Load Balancing during failure, scaling, and monitoring events?
