Table of Contents
Question
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. AWS WAF
C. Amazon Macie
D. AWS Shield
Answer
B. AWS WAF
Explanation
The correct answer is (B) AWS WAF (Web Application Firewall).
AWS WAF is a web application firewall that helps protect web applications from common web exploits and attacks, such as SQL injection, cross-site scripting (XSS), and denial of service (DoS) attacks. It can be used to filter and control inbound web traffic based on custom conditions, making it an ideal solution for the question.
AWS WAF provides several features that can help a company implement custom conditions to filter and control inbound web traffic, such as:
- Security Profiles: AWS WAF allows you to define security profiles that consist of a set of rules that specify which traffic is allowed or blocked. These rules can be based on various criteria, including IP addresses, user agents, and HTTP request headers.
- Geolocation restrictions: AWS WAF allows you to block or allow traffic from specific geographic locations. This can be useful if a company wants to restrict access to its web application from specific regions or countries.
- Request and response filtering: AWS WAF provides rules that can be used to filter incoming HTTP requests and responses based on various criteria, such as HTTP request methods, request headers, and response status codes.
- Custom HTTP headers: AWS WAF allows you to add custom HTTP headers to incoming requests or responses, which can be useful for implementing custom conditions.
- Integration with other AWS services: AWS WAF can be integrated with other AWS services, such as AWS Lambda, Amazon CloudFront, and Amazon S3, to provide additional security features.
Amazon GuardDuty (A) is a cloud-native threat detection and response service that provides visibility and control of AWS accounts, workloads, and applications. While it can be used for security monitoring and threat detection, it is not specifically designed to filter and control inbound web traffic.
Amazon Macie (C) is a security service that uses machine learning to identify and protect sensitive data in AWS. While it can be used to detect and respond to security threats, it is not designed to filter and control inbound web traffic.
AWS Shield (D) is a service that provides web application and API protection against volumetric attacks. While it can be used to protect web applications and APIs from attacks, it is not designed to filter and control inbound web traffic based on custom conditions.
In conclusion, the best answer for the question is (B) AWS WAF, as it provides the necessary features and capabilities to filter and control inbound web traffic based on custom conditions.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.