Answer – C
Options A and B are incorrect since these can be used to blacklist IPs.
Option D is incorrect since this cannot be used to prevent attacks from the Internet.
The AWS Documentation mentions the following.
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over traffic to allow or block your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
For more information on the AWS WAF, please refer to the below URL
https://aws.amazon.com/waf/