AWS Certified SysOps Administrator Practice Exam

Which AWS service should you use to handle a significant increase in traffic that appears to be malicious?

• A. Amazon Inspector
• B. AWS Shield
• C. AWS Web Application Firewall (WAF)
• D. AWS Security Hub

The correct answer is: AWS Web Application Firewall (WAF)

Selecting AWS Web Application Firewall (WAF) as the service to handle a significant increase in traffic that appears to be malicious is appropriate due to its primary function of protecting web applications from various forms of attacks, particularly those commonly associated with increased traffic such as SQL injection and cross-site scripting. WAF operates by allowing you to create rules that filter and monitor HTTP requests, enabling the blocking or allowing of traffic based on predefined conditions. This targeted response helps mitigate threats by inspecting incoming traffic to determine if it aligns with the security policies you've set. In scenarios where there is a sudden spike in traffic that seems suspicious or harmful, WAF can be instrumental in safeguarding your web applications by identifying malicious requests and preventing them from reaching your servers. While other services play important roles in security, they serve different purposes. For instance, AWS Shield offers protection against Distributed Denial of Service (DDoS) attacks, which can indeed be a type of malicious traffic spike, but WAF provides more granular control over web application security. Amazon Inspector is focused on security assessments and vulnerability identification, and AWS Security Hub serves as a centralized view of your security posture across multiple services, helping aggregate findings but not specifically addressing real-time traffic filtering needs. Therefore, AWS WAF is