AWS Certified Cloud Practitioner — Question 976

A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an
Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

Answer options

• A. Security groups
• B. AWS WAF
• C. Network ACLs
• D. AWS Shield

Correct answer: B

Explanation

AWS WAF (Web Application Firewall) enables the creation of custom web ACL rules to inspect HTTP/HTTPS traffic and block common application-layer attacks like SQL injection. Security groups and Network ACLs operate at the network layers (Layer 3 and 4) and cannot inspect the application payload. AWS Shield is focused on protecting applications against Distributed Denial of Service (DDoS) attacks rather than SQL injection exploits.