Answer-first summary for fast verification
Answer: AWS WAF
## Explanation **AWS WAF (Web Application Firewall)** is the correct answer because: - **AWS WAF** is specifically designed to protect web applications from common web exploits like SQL injection attacks - It allows you to create custom rules to block specific attack patterns - It integrates seamlessly with Application Load Balancers (ALB) to inspect HTTP/HTTPS traffic - You can define rules that filter out SQL injection patterns in request parameters, headers, and body **Why other options are incorrect:** - **Security groups**: These are stateful firewalls that control traffic at the instance level (EC2 level), but they don't inspect application-layer content for SQL injection patterns - **Network ACLs**: These are stateless firewalls that control traffic at the subnet level, operating at the network layer (Layer 3/4), not the application layer - **AWS Shield**: This is a DDoS protection service that protects against distributed denial-of-service attacks, not specifically SQL injection attacks AWS WAF provides granular control over web traffic and can be configured with managed rule sets from AWS Marketplace or custom rules to specifically target SQL injection vulnerabilities.
Author: Ritesh Yadav
Ultimate access to all questions.
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances. Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
A
Security groups
B
AWS WAF
C
Network ACLs
D
AWS Shield
No comments yet.