CLF-C02 · Question #212
CLF-C02 Question #212: Real Exam Question with Answer & Explanation
The correct answer is B: AWS WAF. AWS WAF (Web Application Firewall) is the correct choice because it is specifically designed to filter and control inbound web traffic using custom rules and conditions, such as blocking requests based on IP addresses, HTTP headers, geographic locations, or malicious patterns lik
Question
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic. Which AWS service will meet these requirements?
Options
- AAmazon GuardDuty
- BAWS WAF
- CAmazon Macie
- DAWS Shield
Explanation
AWS WAF (Web Application Firewall) is the correct choice because it is specifically designed to filter and control inbound web traffic using custom rules and conditions, such as blocking requests based on IP addresses, HTTP headers, geographic locations, or malicious patterns like SQL injection and cross-site scripting.
Why the distractors are wrong:
- A. Amazon GuardDuty is a threat detection service that monitors for malicious activity across your AWS environment using machine learning - it does not filter or block web traffic.
- C. Amazon Macie is a data security service focused on discovering and protecting sensitive data (like PII) stored in Amazon S3 - it has nothing to do with web traffic filtering.
- D. AWS Shield provides DDoS (Distributed Denial of Service) protection, particularly against volumetric attacks - it does not support custom filtering rules for web traffic control.
Memory Tip: Think of WAF = Web Application Firewall - the name itself tells you its purpose. Whenever you see keywords like "custom rules," "filter web traffic," or "block HTTP requests," WAF is almost always the answer. Shield protects (DDoS), WAF filters (custom rules) - remember the difference!
Topics
Community Discussion
No community discussion yet for this question.