AWS Certified Cloud Practitioner — Question 712

A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.

Which AWS service should the company use?

Answer options

• A. Amazon GuardDuty
• B. AWS WAF
• C. AWS Trusted Advisor
• D. Amazon Inspector

Correct answer: B

Explanation

AWS WAF (Web Application Firewall) directly protects web applications behind an Application Load Balancer from common web exploits like SQL injection and cross-site scripting. Other services like Amazon GuardDuty, Amazon Inspector, and AWS Trusted Advisor focus on threat detection, vulnerability scanning, and infrastructure optimization respectively, rather than real-time application-layer filtering.