The best answer is D. WAF.

A WAF (Web Application Firewall) is designed to inspect and filter malicious HTTP and HTTPS traffic aimed at a web application. If a site is receiving a large number of malicious requests that are causing performance problems, a WAF is the best control among these options because it can detect and block harmful web requests before they impact the application.

This can help mitigate attacks such as:

malicious web requests

application-layer abuse

some denial-of-service style request floods

common web exploits

Why the other options are incorrect:

A. IPSecIPSec secures network-layer communications, not malicious web request filtering.

B. TLSTLS encrypts data in transit, but it does not stop malicious requests.

C. SDNSoftware-defined networking helps manage network architecture, but it is not the most direct preventive control for malicious web traffic.

From a Security+ standpoint, malicious requests against a web application are best mitigated by a WAF, so D is correct.