AWS Certified Cloud Practitioner / Question #1265 of 719

Question #1265

A company is using an Application Load Balancer (ALB) to distribute traffic for its web application. The company needs to define rules to block specific attack patterns, such as SQL injection and cross-site scripting (XSS), targeting the ALB.

Which AWS service should be used to fulfill this requirement?

A. Amazon GuardDuty

B. AWS WAF

C. Amazon Macie

D. AWS Shield

Explanation

AWS WAF is designed to protect web applications from common web exploits by allowing users to create rules that filter malicious traffic. SQL injection and XSS are common attack vectors that WAF can block using predefined or custom rulesets.

- Why B is correct: AWS WAF integrates directly with ALB, enabling rule-based traffic filtering to block specific attack patterns.
- Why others are incorrect:
  - A. Amazon GuardDuty: A threat detection service for monitoring suspicious activity, not for blocking attacks at the ALB level.
  - C. Amazon Macie: Focuses on data security and sensitive data discovery (e.g., in S3), unrelated to traffic filtering.
  - D. AWS Shield: Provides DDoS protection but does not support custom rules for SQL injection or XSS attacks.

Key Points: AWS WAF is the go-to service for application-layer protection against web exploits. It works with ALB, API Gateway, and CloudFront.

Answer

The correct answer is: B