Answer: A and C
Option A is CORRECT because you can deploy AWS WAF with the Application Load Balancer that fronts your web servers or origin servers running on EC2. You can selectively allow or deny access to specific parts of your web application. You can also guard against various SQL injection attacks by creating match conditions and using the WAF rule to block requests that match the condition.
Option B is incorrect because AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Still, it would not assist in the prevention against the SQL Injection attacks on the application.
Option C is CORRECT because AWS WAF provides a SQL Injection Match Condition for detecting SQL Injection code and integrates with AWS CloudFront. When you create a web ACL, you can specify one or more CloudFront distributions that you want AWS WAF to inspect, including SQL Injection.
Option D is incorrect because Amazon GuardDuty is a threat detection service that continuously monitors malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. Still, it would not assist in the prevention against the SQL Injection attacks on the application.
Option E is incorrect because AWS Systems Manager allows us to view operational data from multiple AWS services and automate operational tasks across your AWS resources. Still, it would not assist in the prevention against the SQL Injection attacks on the application.
Reference
https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html