AWS Certified Cloud Practitioner — Question 567

An application is receiving SQL injection attacks from multiple external resources.

Which AWS service or feature can help automate mitigation against these attacks?

Answer options

• A. AWS WAF
• B. Security groups
• C. Elastic Load Balancer
• D. Network ACL

Correct answer: A

Explanation

AWS WAF (Web Application Firewall) is designed to inspect HTTP/HTTPS traffic at the application layer (Layer 7), allowing it to identify and automatically block SQL injection patterns. In contrast, Security groups and Network ACLs operate at the network layer (Layers 3 and 4) and cannot inspect the payload of web requests to detect SQL injection. An Elastic Load Balancer distributes incoming application traffic but does not inherently filter or mitigate application-layer exploits unless combined with AWS WAF.