What combination of steps could a Solutions Architect take to protect a web workload running on Amazon EC2 from DDoS and application layer attacks? (Choose two.)
A.
Put the EC2 instances behind a Network Load Balancer and configure AWS WAF on it.
B.
Migrate the DNS to Amazon Route 53 and use AWS Shield.
C.
Put the EC2 instances in an Auto Scaling group and configure AWS WAF on it.
D.
Create and use an Amazon CloudFront distribution and configure AWS WAF on it.
E.
Create and use an internet gateway in the VPC and use AWS Shield.
I go with B and D
"AWS Shield Standard automatically protects your Amazon Route 53 Hosted Zones from infrastructure layer DDoS attacks"
https://aws.amazon.com/shield/?nc1=h_ls&whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
"AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync."
https://aws.amazon.com/waf/faqs/
Most likely answers:
B and D
A - NLB Doesn't support WAF
C - ASG direct doesn't support waf - needs an ALB/Cloudfront in front
E - Shield is included by default anyway
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Waiweng
Highly Voted 3 years, 7 months agoCarisB
Highly Voted 3 years, 8 months agoevargasbrz
Most Recent 2 years, 5 months agojanvandermerwer
2 years, 7 months agoVizz5585
2 years, 7 months agoTechX
2 years, 11 months agoKiraguJohn
2 years, 11 months agotartarus23
3 years, 1 month agoroka_ua
3 years, 2 months agoshotty1
3 years, 4 months agoAzureDP900
3 years, 6 months agotonikus
3 years, 7 months agoWhyIronMan
3 years, 7 months agoAmitv2706
3 years, 7 months agoblackgamer
3 years, 7 months agonitinz
3 years, 8 months agoawsexamprep47
3 years, 8 months ago