A company is planning on using AWS EC2 and AWS CloudFront for its web application. For which one of the below attacks is the usage of CloudFront most suited?

Answer options:

A.Cross-site scripting
B.SQL Injection
C.DDoS attacks
D.Malware attacks

Answer: C
Options A is incorrect because AWS WAF is most suited for prevention against cross-site scripting attacks on AWS infrastructure and services.
Options B is incorrect because AWS WAF is most suited for prevention against SQL Injection attacks on AWS infrastructure and services.
Option C is CORRECT because CloudFront has extensive mitigation techniques for standard flood-type attacks against SSL. To thwart SSL renegotiation-type attacks, CloudFront disables renegotiation and hence protects against DDoS attacks on AWS infrastructure and services.
Option D is incorrect because for better protection against Malware on AWS, services such as AWS Inspector, EC2 Systems Manager, and AWS Shield can be used.
For more information on security with CloudFront, kindly refer to the following URL:
https://d1.awsstatic.com/whitepapers/Security/Secure_content_delivery_with_CloudFront_whitepaper.pdf