
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances. Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
A. Security groups
B. AWS WAF
C. Network ACLs
D. AWS Shield
Explanation:
AWS WAF (Web Application Firewall) is the correct answer because:
- AWS WAF is specifically designed to protect web applications from common web exploits like SQL injection attacks.
- It allows you to create custom rules to block specific attack patterns.
- It integrates seamlessly with Application Load Balancers (ALB) to inspect HTTP/HTTPS traffic.
- You can define rules that filter out SQL injection patterns in request parameters, headers, and body.
Why other options are incorrect:
- Security groups: These are stateful firewalls that control traffic at the instance level (EC2 level), but they don't inspect application-layer content for SQL injection patterns.
- Network ACLs: These are stateless firewalls that control traffic at the subnet level, operating at the network layer (Layer 3/4), not the application layer.
- AWS Shield: This is a DDoS protection service that protects against distributed denial-of-service attacks, not specifically SQL injection attacks.
AWS WAF provides granular control over web traffic and can be configured with managed rule sets from AWS Marketplace or custom rules to specifically target SQL injection vulnerabilities.