AWS Certified SysOps Administrator – Associate (legacy) — Question 894

During a security investigation, it is determined that there is a coordinated attack on the web applications deployed on Amazon EC2. The attack is performed through malformed HTTP headers.
What AWS service of feature would prevent this traffic from reaching the EC2 instances?

Answer options

• A. Amazon Inspector
• B. Amazon Security Groups
• C. AWS WAF
• D. Application Load Balancer (ALB)

Correct answer: C

Explanation

AWS WAF (Web Application Firewall) operates at Layer 7 and can inspect HTTP headers to block malformed or malicious requests before they reach Amazon EC2. Amazon Security Groups operate at Layer 4 and cannot inspect application-layer payloads like HTTP headers. Amazon Inspector is a vulnerability scanner rather than an active traffic filtering tool.