ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 205 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 205
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company needs to protect against potential botnet command and control traffic from any Amazon EC2 instances that is in in the company’s AWS Environment.

Which solution will meet these requirements?

  • A. Use AWS Shield Advanced. Activate Shield Advanced protections on the EC2 instances to filter and block botnet traffic.
  • B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl managed domain list with an action to block botnet traffic.
  • C. Use AWS WAF Bot Control. Configure a managed rule group that uses an AWS managed rule set to block botnet traffic.
  • D. Use AWS Systems Manager. Run a Systems Manager Automation runbook on the EC2 instances to configure the instances to block botnet traffic.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by jhon648274 at Aug. 11, 2024, 4:18 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AzureDP900
4 months ago
Selected Answer: B
It provides a proactive and automated way to block known botnets and their command and control traffic.
upvoted 2 times
...
woorkim
4 months, 2 weeks ago
Selected Answer: B
Amazon Route 53 Resolver DNS Firewall with the AWSManagedDomainsBotnetCommandandControl managed rule group: Scalable and Managed: Automatically updates the list of known botnet domains. Preemptive Blocking: Prevents EC2 instances from resolving malicious domains. Low Operational Overhead: Easy to implement and maintain.
upvoted 2 times
...
luisgu
8 months ago
Selected Answer: B
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.html
upvoted 3 times
...
cas_tori
8 months, 1 week ago
Selected Answer: B
this is B
upvoted 1 times
...
Cacheirez
8 months, 3 weeks ago
Selected Answer: B
The question talks about "botnet command and control traffic". The most common and effective way to intercept such traffic is at the DNS level, where many botnets rely on domain names to communicate with their C2 servers. The Amazon Route 53 Resolver DNS Firewall is specifically designed to block DNS queries to known malicious domains, including those used for botnet C2 traffic. If it was application-level traffic AWS WAF Bot Control would apply.
upvoted 2 times
...
[Removed]
8 months, 3 weeks ago
B. his service allows you to filter and block DNS queries for known malicious domains, including those associated with botnets. By using the AWSManagedDomainsBotnetCommandandControl managed domain list, you can specifically target and block DNS queries that attempt to reach botnet command and control servers.
upvoted 1 times
...
jhon648274
8 months, 3 weeks ago
Correct answer should be B - this avoids instances from responding / connecting to malicious controllers
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago