Q59 — AWS ANS-C01 Ch.1
Question 59 of 100 | Chapter 1
A company needs to protect against potential botnet command and control traffic from any Amazon EC2 instances that are in the company’s AWS environment. Which solution will meet these requirements?
- A. Use AWS Shield Advanced. Activate Shield Advanced protections on the EC2 instances to filter and block botnet traffic.
- B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl managed domain list with an action to block botnet traffic. ✓
- C. Use AWS WAF Bot Control. Configure a managed rule group that uses an AWS managed rule set to block botnet traffic.
- D. Use AWS Systems Manager. Run a Systems Manager Automation runbook on the EC2 instances to configure the instances to block botnet traffic.
Correct Answer: B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl managed domain list with an action to block botnet traffic.
Explanation
This question tests the core control for blocking botnet command-and-control (C2) traffic in an AWS environment. The key point is to block resolution of malicious domains at the DNS layer, because botnets commonly establish C2 communication through specific domains. Amazon Route 53 Resolver DNS Firewall intercepts DNS queries from the VPCs it is associated with and can block requests for domains on a managed blocklist; a rule that uses the AWSManagedDomainsBotnetCommandandControl managed domain list with a BLOCK action applies this filtering to every EC2 instance resolving through the VPC's Route 53 Resolver. The other options do not operate at that layer: AWS Shield Advanced focuses on DDoS protection, AWS WAF Bot Control inspects inbound application-layer (HTTP) traffic to web endpoints, and AWS Systems Manager relies on per-instance configuration. None of them directly blocks DNS-layer C2 lookups originating from the instances.