Your company has a web application hosted in AWS that makes use of an Application Load Balancer. You need to ensure that the web application is protected from web-based attacks such as cross-site scripting etc.
Which of the following implementation steps can help protect web applications from common security threats from the outside world?
 

Answer options:

A.Place a NAT instance in front of the web application to protect against attacks.
B.Use the WAF service in front of the web application.
C.Place a NAT gateway in front of the web application to protect against attacks.
D.Place the web application in front of a CDN service instead.

Answer – B
The AWS Documentation mentions the following.
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules designed for your specific application. 
Options A and C are incorrect because these are used to allow instances in your private subnet to communicate with the internet.
Option D is incorrect since this is ideal for content distribution and good when you have DDoS attacks, but the WAF should be used for concentrated types of web attacks.
For more information on AWS WAF, please refer to the below link-
https://aws.amazon.com/waf/