SAA-C03 Question 16: Protecting a Web App from Common Exploits

A public web application behind an Application Load Balancer is receiving SQL injection and cross-site scripting attack attempts. Which service filters these malicious requests before they reach the application?

A) AWS Shield Standard.

B) AWS WAF (Web Application Firewall).

C) Amazon Inspector.

D) Security Groups.

Correct Answer: B

Explanation: AWS WAF inspects HTTP/HTTPS requests and lets you block SQL injection, XSS, and other Layer 7 exploits at the ALB or CloudFront, including via managed rule groups. (A) Shield protects against DDoS. (C) Inspector assesses vulnerabilities; it doesn’t filter live traffic. (D) Security Groups filter by IP/port, not request content.