Explanation

Correct Answer: A

AWS WAF (Web Application Firewall) is specifically designed to protect web applications from common web exploits, including SQL injection attacks. By deploying AWS WAF in front of the ALB and configuring appropriate web ACLs (Access Control Lists) with SQL injection protection rules, the company can effectively mitigate SQL injection vulnerabilities.

Why other options are incorrect:

B: ALB listener rules are used for routing traffic based on conditions like path patterns or host headers, not for security protection against SQL injection. ALB cannot inspect application-layer payloads for SQL injection patterns.

C: AWS Shield Advanced is a DDoS (Distributed Denial of Service) protection service, not designed to protect against SQL injection attacks. While it provides advanced DDoS protection, it doesn't inspect application-layer content for SQL injection patterns.

D: Amazon Inspector is an automated security assessment service that helps identify security vulnerabilities and deviations from best practices, but it does not actively block attacks. It's a vulnerability assessment tool, not a real-time protection service.

Key AWS Services for SQL Injection Protection:

1. AWS WAF - Provides real-time protection against SQL injection and other web exploits
2. Managed Rules for AWS WAF - Pre-configured rulesets including SQL injection protection
3. AWS WAF web ACLs - Custom rule sets that can be tailored to specific application needs

Best Practice: The company should implement AWS WAF with SQL injection protection rules while also addressing the root cause by implementing proper input validation and parameterized queries in their application code.