The correct answer is A, AWS WAF (Web Application Firewall). AWS WAF is specifically designed to protect web applications from a variety of common web exploits, including SQL injection and cross-site scripting attacks. It allows users to create custom rules that can block, allow, or monitor web traffic based on defined conditions. These conditions can include IP addresses, HTTP headers, HTTP body, URI strings, and patterns associated with SQL injection and XSS attacks. AWS WAF integrates with other AWS services like Amazon CloudFront and Application Load Balancer to provide an additional layer of security for web applications. The other options, while important for security and protection, do not specifically focus on the type of web application protection mentioned in the question: B) AWS Shield Advanced is for DDoS protection, C) Amazon GuardDuty is for monitoring malicious activity and unauthorized behavior, and D) Amazon Detective is for analyzing and investigating potential security issues.