AWS Certified SysOps Administrator – Associate (legacy) — Question 504

A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

Answer options

Correct answer: B

Explanation

AWS WAF (Web Application Firewall) is designed to protect web applications from common web exploits, including cross-site scripting (XSS) and SQL injection. AWS Shield Standard provides protection against DDoS attacks but does not mitigate application-layer vulnerabilities like XSS. Elastic Load Balancing distributes incoming traffic and Amazon Cognito manages user identity and authentication, meaning neither service can directly block XSS exploits.