AWS Certified Cloud Practitioner
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?
Real Exam
Community
RRitesh
A
Amazon GuardDuty
B
AWS WAF
C
Amazon Macie
D
AWS Shield
Explanation:
Explanation
AWS WAF (Web Application Firewall) is the correct service for this requirement because:
-
Purpose: AWS WAF is specifically designed to protect web applications from common web exploits by allowing you to create custom rules to filter and control inbound web traffic.
-
Functionality: It enables you to create custom conditions to:
-
Block or allow requests based on IP addresses
-
Filter based on HTTP headers, HTTP body, or URI strings
-
Protect against SQL injection attacks
-
Mitigate cross-site scripting (XSS) attacks
-
Set rate-based rules to limit request rates
-
-
Comparison with other options:
-
Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior (not for custom traffic filtering)
-
Amazon Macie: A security service that uses machine learning to discover, classify, and protect sensitive data (not for web traffic filtering)
-
AWS Shield: A managed Distributed Denial of Service (DDoS) protection service (provides automatic protection rather than custom rule-based filtering)
-
-
Integration: AWS WAF can be deployed on Amazon CloudFront, Application Load Balancer (ALB), or Amazon API Gateway, making it suitable for protecting web applications hosted on EC2 instances.
Key Takeaway: When you need to implement custom conditions to filter and control inbound web traffic for web applications, AWS WAF is the appropriate AWS service.
Comments
Loading comments...