AWS Certified Cloud Practitioner — Question 791

A global company wants to use a managed security service for protection from SQL injection attacks. The service also must provide detailed logging information about access to the company’s ecommerce applications.

Which AWS service will meet these requirements?

Answer options

• A. AWS Network Firewall
• B. Amazon RDS for SQL Server
• C. Amazon GuardDuty
• D. AWS WAF

Correct answer: D

Explanation

AWS WAF is designed to protect web applications from common web exploits, including SQL injection attacks, and provides detailed logging of all blocked and allowed requests. AWS Network Firewall operates at the network layer rather than the application layer, Amazon GuardDuty is a threat detection service rather than a web application firewall, and Amazon RDS is a relational database service that does not provide application-layer security filtering.