Which service is MOST suitable to block malicious requests targeting web applications, such as SQL injection and cross-site scripting (XSS), based on rules?
A question to choose the service that blocks malicious requests to web applications.
AWS WAF
Correct. AWS WAF (Web Application Firewall) is a service that inspects HTTP/HTTPS requests and blocks web attack patterns such as SQL injection and XSS based on rules. It is applied in front of CloudFront, ALB, or API Gateway to protect web applications.
AWS Shield
AWS Shield is a service specialized in protection from DDoS attacks, mainly at the network and transport layers.
Its role is mitigating high-volume traffic attacks, and it does not inspect and block the content of requests with rules at the application layer, such as SQL injection or XSS, so this is incorrect.
Amazon GuardDuty
Amazon GuardDuty is a service that continuously analyzes logs to detect (notify of) signs of threats.
Its role is detection, and it does not block malicious requests on the spot, so this is incorrect.
Amazon Inspector
Amazon Inspector is a service that scans and assesses EC2 instances and container images for known vulnerabilities in advance.
Its role is identifying weaknesses, and it does not block incoming malicious requests in real time, so this is incorrect.
'SQLi', 'XSS', and 'malicious requests to web applications' are AWS WAF (blocking L7 requests with rules). Distinguish it from Shield (DDoS mitigation), GuardDuty (detection only), and Inspector (advance scanning) by 'what it does at which stage.'