AWS Certified Cloud Practitioner — Question 788

Which AWS service is deployed to VPCs and provides protection from common network threats?

Answer options

• A. AWS Shield
• B. AWS WAF
• C. AWS Network Firewall
• D. AWS Firewall Manager

Correct answer: C

Explanation

AWS Network Firewall is a managed service that deploys directly into a VPC to offer stateful inspection, intrusion prevention, and web filtering at the network layers. AWS WAF is designed to protect web applications at the application layer (Layer 7), AWS Shield provides DDoS protection, and AWS Firewall Manager centrally manages firewall rules across accounts.