AWS Certified Cloud Practitioner (CLF-C02) — Question 516

A company wants to monitor and block malicious HTTP and HTTPS requests that its Amazon CloudFront distributions receive.

Which AWS service should the company use to meet these requirements?

Answer options

• A. Amazon GuardDuty
• B. Amazon Inspector
• C. AWS WAF
• D. Amazon Detective

Correct answer: C

Explanation

AWS WAF is a web application firewall that allows you to monitor HTTP and HTTPS requests forwarded to Amazon CloudFront and block malicious traffic before it reaches your applications. Other services like Amazon GuardDuty, Amazon Inspector, and Amazon Detective focus on intelligent threat detection, vulnerability scanning, and security investigations, respectively, rather than active web traffic filtering.