ACorrect
AWS WAF — blocks malicious requests to web applications using rules.
Correct. AWS WAF inspects HTTP requests and blocks web attacks such as SQLi and XSS based on rules.
Which of the following correctly pair an AWS security service with its main role? Choose 2.
1 / 1
Select all that apply
CorrectA, D
Explanation
Choosing the 2 correct pairings of security service and role.
- 1「an AWS security service with its main role」Correctly map the roles of WAF / Shield / GuardDuty / Macie / KMS
BIncorrect
AWS Shield — detects and classifies personal information in S3.
Detecting and classifying personal information in S3 is the role of Amazon Macie.
Shield is a DDoS mitigation service, so the pairing is wrong and it is incorrect.
CIncorrect
Amazon GuardDuty — creates and manages encryption keys.
Creating and managing encryption keys is the role of AWS KMS.
GuardDuty is a threat-detection service, so the pairing is wrong and it is incorrect.
DCorrect
Amazon GuardDuty — analyzes logs to detect threats.
Correct. Amazon GuardDuty continuously analyzes various logs and automatically detects suspicious activity and threats.
EIncorrect
AWS WAF — specializes in mitigating DDoS attacks.
The service that specializes in mitigating DDoS attacks is AWS Shield.
WAF blocks attacks at the web application layer, so the pairing is wrong and it is incorrect.
Key Takeaway
Role mapping: WAF = block web attacks / Shield = DDoS mitigation / GuardDuty = threat detection / Macie = sensitive-data detection / KMS = key management. Swapping service names and roles is the classic trap.