AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Explanation:

Explanation

AWS WAF (Web Application Firewall) is the correct service for this requirement because:

Purpose: AWS WAF is specifically designed to protect web applications from common web exploits by allowing you to create custom rules to filter and control inbound web traffic.
Functionality: It enables you to create custom conditions to:
- Block or allow requests based on IP addresses
- Filter based on HTTP headers, HTTP body, or URI strings
- Protect against SQL injection attacks
- Mitigate cross-site scripting (XSS) attacks
- Set rate-based rules to limit request rates
Comparison with other options:
- Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior (not for custom traffic filtering)
- Amazon Macie: A security service that uses machine learning to discover, classify, and protect sensitive data (not for web traffic filtering)
- AWS Shield: A managed Distributed Denial of Service (DDoS) protection service (provides automatic protection rather than custom rule-based filtering)
Integration: AWS WAF can be deployed on Amazon CloudFront, Application Load Balancer (ALB), or Amazon API Gateway, making it suitable for protecting web applications hosted on EC2 instances.

Key Takeaway: When you need to implement custom conditions to filter and control inbound web traffic for web applications, AWS WAF is the appropriate AWS service.

Explanation:

Explanation

AWS WAF (Web Application Firewall) is the correct service for this requirement because:

Purpose: AWS WAF is specifically designed to protect web applications from common web exploits by allowing you to create custom rules to filter and control inbound web traffic.
Functionality: It enables you to create custom conditions to:
- Block or allow requests based on IP addresses
- Filter based on HTTP headers, HTTP body, or URI strings
- Protect against SQL injection attacks
- Mitigate cross-site scripting (XSS) attacks
- Set rate-based rules to limit request rates
Comparison with other options:
- Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior (not for custom traffic filtering)
- Amazon Macie: A security service that uses machine learning to discover, classify, and protect sensitive data (not for web traffic filtering)
- AWS Shield: A managed Distributed Denial of Service (DDoS) protection service (provides automatic protection rather than custom rule-based filtering)
Integration: AWS WAF can be deployed on Amazon CloudFront, Application Load Balancer (ALB), or Amazon API Gateway, making it suitable for protecting web applications hosted on EC2 instances.

Key Takeaway: When you need to implement custom conditions to filter and control inbound web traffic for web applications, AWS WAF is the appropriate AWS service.

Comments (0)

No comments yet.

A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic. Which AWS service will meet these requirements?

Real Exam

Community

RRitesh

Last updated: December 2, 2025 at 18:03

Amazon GuardDuty

0.0%

AWS WAF

100.0%

Amazon Macie

AWS Shield