ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 148 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 148
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A global company must mitigate and respond to DDoS attacks at Layers 3, 4 and 7. All of the company's AWS applications are serverless with static content hosted on Amazon S3 using Amazon CloudFront and Amazon Route 53.
Which solution will meet these requirements?

  • A. Use AWS WAF with an upgrade to the AWS Business support plan.
  • B. Use AWS Certificate Manager with an Application Load Balancer configured with an origin access identity.
  • C. Use AWS Shield Advanced.
  • D. Use AWS WAF to protect AWS Lambda functions encrypted with AWS KMS, and a NACL restricting all ingress traffic.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://aws.amazon.com/shield/faqs/
by PeppaPig at Aug. 29, 2020, 12:51 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DanMuniz
Highly Voted 3 years, 7 months ago
C. As an AWS Shield Advanced customer, you can contact the 24x7 AWS DDoS Response Team (DRT) for assistance during a DDoS attack. You also have exclusive access to advanced, real-time metrics and reports for extensive visibility into attacks on your AWS resources. With the assistance of the DRT, AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks, but also for application layer (layer 7) attacks. https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html
upvoted 13 times
...
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: C
Option C. AWS Shield Advanced for $3000/month is the solution here.
upvoted 1 times
...
ITGURU51
2 years ago
AWS Shield Advanced provides layer 7 protection. The basic version only work at layer 3 and 4. Therefore the answer is C.
upvoted 1 times
...
sanjaym
3 years, 6 months ago
C. Shield for Layer 3
upvoted 4 times
sapien45
2 years, 8 months ago
Wrong. Shiled Advanced for layer 7
upvoted 1 times
...
...
deegadaze1
3 years, 7 months ago
C is the best answer! 1. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications. While AWS Shield Standard helps protect all AWS customers, you get particular benefit if you are using Amazon CloudFront and Amazon Route 53. These services receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks. 2. AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the resources. 3. As an AWS Shield Advanced customer, you can contact the 24x7 AWS DDoS Response Team (DRT) for assistance during a DDoS attack. 4.AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks, but also for application layer (layer 7) attacks...etc
upvoted 4 times
...
PeppaPig
3 years, 7 months ago
Changing my answer to A. AWS Shield Advanced protects DDoS on L3, L4. You need AWS WAF for L7 protection https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
upvoted 3 times
Dic
3 years, 7 months ago
AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks, but also for application layer (layer 7) attacks. https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html
upvoted 5 times
...
deegadaze1
3 years, 7 months ago
C is the best answer ; check it again- AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications. While AWS Shield Standard helps protect all AWS customers, you get particular benefit if you are using Amazon CloudFront and Amazon Route 53. These services receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
upvoted 1 times
...
skipbaylessfor3
3 years, 6 months ago
In the whitepaper you linked, it says the following: Benefits from using AWS Shield Advanced include: • Access to AWS WAF, at no additional cost, for the mitigation of application layer DDoS attacks (when used with Amazon CloudFront or ALB). and earlier it refers to the 'application layer' as L6 and L7. Thus, AWS Shield Advanced is sufficient because it includes AWS WAF in it. So I would go with Answer C. Also, Answer A makes it seem like WAF comes with a Business support plan, which I don't think it does
upvoted 2 times
...
...
freddyman
3 years, 7 months ago
In the real world probably WAF -> CloudFront -> API gateway, with AWS Shield standard. Shield Advanced is really for mission critical stuff as it's so expensive. The answer is likely C, as A: support plan irrelevent in this context B: OIA is for S3 C: would actually work D: you don't encrypt lambda functions with KMS, not in this context, and a NACL restricting all ingress traffic makes no sense
upvoted 2 times
...
PeppaPig
3 years, 8 months ago
my take is C
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago