How can you combine API Gateway throttling with AWS WAF to improve API protection against sudden traffic surges?

hard📝 Application Q9 of 15

AWS - API Gateway

ADisable API Gateway throttling and rely only on WAF

BSet API Gateway throttling limits higher than WAF limits

CUse WAF only for authentication, not for rate limiting

DUse WAF rate-based rules to block IPs exceeding thresholds, and API Gateway throttling for overall limits

Step-by-Step Solution

Solution:

Step 1: Understand WAF and API Gateway roles
WAF can block malicious IPs with rate-based rules; API Gateway throttling controls overall request rate.
Step 2: Combine protections
Use WAF to block abusive clients early; API Gateway throttling protects backend from general overload.
Final Answer:
Use WAF rate-based rules to block IPs exceeding thresholds, and API Gateway throttling for overall limits -> Option D
Quick Check:
WAF + throttling = layered protection = B [OK]

Quick Trick: Combine WAF IP blocking with throttling for best protection [OK]

Common Mistakes:

MISTAKES

Master "API Gateway" in AWS

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More AWS Quizzes