A media company’s website runs on EC2 instances behind an Application Load Balancer (ALB) with an Aurora database. The cybersecurity team reports the application is vulnerable to SQL injection. How should the company address this issue?
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS WAF in front of the ALB. Associate the appropriate web ACLs with AWS WAF..
Why this is the answer
AWS WAF (Web Application Firewall) is designed to protect web applications from common web exploits, including SQL injection, by allowing you to configure web ACLs (Access Control Lists) with rules that filter malicious traffic. Placing AWS WAF in front of the ALB ensures that incoming requests are inspected before reaching the EC2 instances. Creating an ALB listener rule to reply to SQL injections with a fixed response is ineffective because the malicious request would still reach the ALB, and an ALB is not designed to detect or block application-layer attacks like SQL injection. AWS Shield Advanced provides DDoS protection but does not specifically block SQL injection attempts at the application layer. Amazon Inspector is a security assessment service that identifies vulnerabilities but does not actively block threats in real-time.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed