A company is hosting a web application on EC2 instances behind an Application Load Balancer (ALB). The company wants to protect the application from common web exploits like SQL injection and cross-site scripting (XSS). Which AWS service should be used?

Answer options:

AWS Shield Advanced

Amazon GuardDuty

AWS WAF

AWS Network Firewall

How to approach this question

Identify the service that protects against Layer 7 attacks (SQLi, XSS). AWS WAF attaches to ALBs, API Gateway, and CloudFront.

Full Answer

C.AWS WAF✓ Correct

AWS WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs, protecting against SQLi and XSS.

Common mistakes

Confusing WAF (Layer 7 web exploits) with Shield (DDoS protection).

Question 07 All questions Question 09

Practice the full AWS SAA-C03 Practice Exam 7

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...Medium Q02An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the ...Easy Q03A company wants to implement federated access to the AWS Management Console for its employees usi...Medium Q04A company is building a mobile application that requires users to sign in using their social medi...Easy Q05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...Medium

View all 65 questions →