AWS Certified SysOps Administrator – Associate — Question 113

A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.

Which AWS service will mitigate this issue?

Answer options

• A. AWS Shield Standard
• B. AWS WAF
• C. Elastic Load Balancing
• D. Amazon Cognito

Correct answer: B

Explanation

The correct answer is AWS WAF, as it is specifically designed to protect web applications from common web exploits like cross-site scripting. AWS Shield Standard provides DDoS protection but does not address application vulnerabilities, while Elastic Load Balancing and Amazon Cognito do not focus on mitigating web security threats.