A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is experiencing SQL injection attacks. Which AWS service should a solutions architect use to block these attacks?

Answer options:

AWS Shield Standard

AWS WAF

Amazon GuardDuty

Network Access Control Lists (NACLs)

How to approach this question

Identify the attack type (Layer 7 web exploit). AWS WAF is designed specifically for this.

Full Answer

B.AWS WAF✓ Correct

AWS WAF can be attached to an ALB to filter web traffic based on rules you define, including managed rule groups that specifically block SQL injection (SQLi) and cross-site scripting (XSS).

Common mistakes

Confusing AWS Shield (DDoS) with AWS WAF (Web exploits).

Question 02 All questions Question 04

Practice the full AWS SAA-C03 Practice Exam 3

65 questions · hints · full answers · grading

More questions from this exam

Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...Easy Q02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Medium Q04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...Medium Q05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium Q06An application running on Amazon EC2 needs to access an Amazon DynamoDB table. What is the MOST s...Easy

View all 65 questions →