Q59 — AWS ANS-C01 Ch.1

A company needs to protect against potential botnet command and control traffic from any Amazon EC2 instances that are in the company’s AWS environment. Which solution will meet these requirements?

Correct Answer: B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl Managed domain list with an action to block botnet traffic.

Explanation

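This question tests the core means of blocking botnet command-and-control (C2) traffic in an AWS environment. The key point is to block resolution of malicious domains at the DNS layer, because botnets commonly establish C2 communication through specific domains. Amazon Route 53 Resolver DNS Firewall can directly intercept requests for domains on a managed blocklist, and the predefined AWSManagedDomainsBotnetCommandandControl list provides precise blocking. By contrast, AWS Shield Advanced focuses on DDoS protection, WAF Bot Control focuses on application-layer traffic, and Systems Manager depends on instance-level configuration; none of these directly blocks C2 connections at the DNS layer.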