AWS Certified Cloud Practitioner — Question 895

Which AWS services or tools are designed to protect a workload from SQL injections, cross-site scripting, and DDoS attacks? (Choose two.)

Answer options

• A. VPC endpoint
• B. Virtual private gateway
• C. AWS Shield Standard
• D. AWS Config
• E. AWS WAF

Correct answer: E

Explanation

AWS WAF protects web applications from common exploits like SQL injection and cross-site scripting (XSS) by filtering web traffic based on customizable rules. AWS Shield Standard defends systems against infrastructure-level DDoS attacks at no additional charge. Other options like VPC endpoints, Virtual private gateways, and AWS Config are used for network connectivity and configuration compliance rather than threat mitigation.