Q54 — AWS SCS-C02 Ch.1
An ecommerce website was down for 1 hour following a DDoS attack. Users were unable to connect to the website during the attack period. The ecommerce company’s security team is worried about future potential attacks and wants to prepare for such events. The company needs to minimize downtime in its response to similar attacks in the future. Which steps would help achieve this? (Choose two.)
- A. Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.
- B. Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack. ✓
- C. Use VPC Flow Logs to monitor network traffic and an AWS Lambda function to automatically block an attacker’s IP using security groups.
- D. Set up an Amazon EventBridge rule to monitor the AWS CloudTrail events in real time, use AWS Config rules to audit the configuration, and use AWS Systems Manager for remediation.
- E. Use AWS WAF to create rules to respond to such attacks. ✓
Correct Answer: B. Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack. E. Use AWS WAF to create rules to respond to such attacks.
Explanation
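AWS Shield Advanced provides enhanced protection specifically against DDoS attacks, including real-time attack visibility and direct access to the AWS DDoS Response Team (DRT) for a rapid response while an attack is under way. AWS WAF allows custom rules that filter malicious traffic and counter application-layer attacks. Used together, the two effectively reduce service downtime. The automated approach in option C depends on log analysis and script execution, which may introduce delay; option D focuses on configuration auditing rather than real-time attack mitigation. Reference, AWS documentation: Shield Advanced reduces the impact of sophisticated DDoS attacks, and the WAF rule library includes predefined DDoS protection rules.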