Q32 — AWS SAA-C03 Ch.1
Q32. A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks. Which solution meets these requirements?
- A. Enable Amazon GuardDuty on the account
- B. Enable Amazon Inspector on the EC2 instances
- C. Enable AWS Shield and assign Amazon Route 53 to it.
- D. Enable AWS Shield Advanced and assign the ELB to it. ✓
Correct Answer: D. Enable AWS Shield Advanced and assign the ELB to it.
Explanation
To detect and protect against large-scale DDoS attacks, the company should enable AWS Shield Advanced. It provides additional protection against DDoS attacks and automatically mitigates them. Assigning the Elastic Load Balancer (ELB) to AWS Shield Advanced is also recommended, as it ensures that all traffic passing through the ELB is protected. This approach is more efficient than assigning individual instances to AWS Shield.

Option A is incorrect because Amazon GuardDuty is not designed specifically for DDoS attack detection and protection.

Option B is incorrect because Amazon Inspector is a security assessment service that helps identify potential security issues within the infrastructure of the EC2 instances, but it is not designed to detect or mitigate DDoS attacks.

Option C is partially correct because AWS Shield can provide some level of protection against DDoS attacks, but it only provides basic protection compared to AWS Shield Advanced. Additionally, it is recommended to assign the ELB to AWS Shield Advanced for maximum protection.