Question #754
A company needs to block Cross-Site Scripting (XSS) attacks.
Which AWS service or feature can meet this requirement?
A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups
Explanation
AWS WAF is the correct answer because it provides granular control over web traffic and includes pre-configured rules to block common attack patterns like XSS. XSS attacks involve injecting malicious scripts into web requests, which AWS WAF can detect and block by analyzing request content.
Other options are incorrect because:
- B. AWS Shield: Focuses on DDoS protection, not application-layer attacks like XSS.
- C. Network ACLs: Operate at the network layer (IP/port level) and cannot inspect HTTP/HTTPS content.
- D. Security groups: Act as stateful firewalls for EC2 instances but also lack application-layer inspection capabilities.
Key Takeaway: AWS WAF is purpose-built for mitigating application-layer vulnerabilities like XSS, while other services focus on network-layer security or DDoS protection.
Answer
The correct answer is: A