This week has covered the second axis of infrastructure security: edge and perimeter defense. WAF (L7 filtering), Shield (DDoS absorption), Network/DNS Firewall (VPC inspection and domain control), CloudFront/ACM/OAC (edge integration and origin locking). Today we integrate these into one decision framework. The exam asks less about individual service knowledge and more about "which control should I deploy where in this situation?" The key is two-dimensional thinking: layer (what threat?) × location (where do I block it?).
| Threat/Requirement | Primary Control | Placement |
|---|---|---|
| SQLi/XSS etc |