ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 161 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 161
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Website currently runs on Amazon EC2, with mostly static content on the site. Recently, the site was subjected to a DDoS attack, and a Security Engineer was tasked with redesigning the edge security to help mitigate this risk in the future.
What are some ways the Engineer could achieve this? (Choose three.)

  • A. Use AWS X-Ray to inspect the traffic going to the EC2 instances.
  • B. Move the static content to Amazon S3, and front this with an Amazon CloudFront distribution.
  • C. Change the security group configuration to block the source of the attack traffic.
  • D. Use AWS WAF security rules to inspect the inbound traffic.
  • E. Use Amazon Inspector assessment templates to inspect the inbound traffic.
  • F. Use Amazon Route 53 to distribute traffic.
Show Suggested Answer Hide Answer
Suggested Answer: BDF 🗳️
by PeppaPig at Aug. 29, 2020, 9:15 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PeppaPig
Highly Voted 3 years, 7 months ago
Answer is BD&F Those are things you can do at edge location to mitigate DDoS
upvoted 26 times
...
Jack_London
Highly Voted 3 years, 7 months ago
BDF. https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using-amazon-cloudfront-and-amazon-route-53/
upvoted 15 times
...
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: BDF
BDF are the correct answer, though Route 53 is not going to distribute traffic, it will just add alias to CloudFront distribution and CloudFront will take it from there.
upvoted 1 times
...
ITGURU51
2 years, 1 month ago
The following AWS tools can be used to devise a robust DDos mitigation strategy: WAF, Route 53, CloudFront.
upvoted 1 times
...
sapien45
2 years, 10 months ago
Selected Answer: BDF
https://aws.amazon.com/blogs/security/how-to-protect-your-web-application-against-ddos-attacks-by-using-amazon-route-53-and-a-content-delivery-network
upvoted 1 times
...
TigerInTheCloud
3 years, 1 month ago
Selected Answer: BDF
B and D for sure. C can be done, but F seems more "political" correct :-) A - X-Ray is for analyze and debug production, distributed applications not DDoS B - Yes C - Possible, SG only allows access from CF (https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/) D - Yes E - Inspector is not for DDoS F - Is mentioned in the blog https://aws.amazon.com/blogs/security/how-to-protect-your-web-application-against-ddos-attacks-by-using-amazon-route-53-and-a-content-delivery-network
upvoted 2 times
...
Radhaghosh
3 years, 3 months ago
Selected Answer: BDF
Answer B, D, F B. Move the static content to Amazon S3, and front this with an Amazon CloudFront distribution. D. Use AWS WAF security rules to inspect the inbound traffic. F. Use Amazon Route 53 to distribute traffic. Rest options are not required.
upvoted 1 times
...
skipbaylessfor3
3 years, 6 months ago
Yup its B D F A: No, X-ray is more used for checking latency at a very low level, not really to inspect or mitigate against DDoS attacks C: You can't really use security groups to block DDoS attacks because they're usually coming from tons of places I think E: Amazon Inspector can't inspect inbound traffic
upvoted 6 times
...
Kalz
3 years, 7 months ago
Ans : B D F
upvoted 1 times
...
farziuser
3 years, 7 months ago
B D and F
upvoted 1 times
...
kj07
3 years, 7 months ago
Answer: BDF AWS X-Ray, SG and Inspector are not helping in this scenario
upvoted 2 times
...
Awraith
3 years, 7 months ago
Agreed with BDF
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel