AWS Certified Cloud Practitioner — Question 478

Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?

Answer options

• A. Security groups
• B. Network ACLs
• C. AWS WAF
• D. AWS Shield Standard

Correct answer: C

Explanation

AWS WAF is specifically designed to protect web applications from common web exploits and bots at the application layer (HTTP/HTTPS). While Security groups and Network ACLs control traffic at the network and transport layers, they cannot inspect HTTP payloads. AWS Shield Standard protects against layer 3 and 4 DDoS attacks but does not offer the layer 7 rule-based filtering provided by AWS WAF.