You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose three.)
A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
B. Use dedicated instances to ensure that each instance has the maximum performance possible.
C. Use an Amazon CloudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers
E. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.
F. Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
This is an old question. WAF is not an option. From what is here I choose CEF. D is not right because you can't put an ELB in front of RDS. Also the OS firewall should not be modified on EC2 since that is what Security Groups are for. So, in general I would discard this question as valid but if I had to choose 3 I'd go with CEF.
Yes, I agree. CEF may be correct. RDS won't support ELB. We can use L4 or L7 LB in front of RDS instances for horizontal load balancing such as HAProxy or layer 7 SQL-aware load balancer. https://aws.amazon.com/blogs/database/scaling-your-amazon-rds-instance-vertically-and-horizontally/
The only reason I can think of that they list the OS firewall in F is they might mean rules that blacklist malicious IP blocks, which cannot be done with security groups. Then again you shouldn't be letting that traffic even reach your EC2 instances and should instead be relying on other measures to block that traffic.
C. Use an Amazon CloudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers
E. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.
A, B
Surely C,
E + D is good, but ELB is not for RDS; there are other ways to scale RDS.
F, Sounds good, but what do you try to block or allow?
CDE is my choice
C. Use an Amazon CloudFront distribution for both static and dynamic content.
D. Use an Elastic Load Balancer with auto scaling groups at the web, app and Amazon Relational Database Service (RDS) tiers
E. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.
Why not use AWS Shield or AWS WAF rules?
https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
https://aws.amazon.com/waf/faqs/
Can I use Rate-based rule to mitigate Web layer DDoS attacks?
Yes. This new rule type is designed to protect you from use cases such as web-layer DDoS attacks, brute force login attempts and bad bots.
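A simplified model of the per-source-IP rate-based rule that the FAQ quote above describes, as an added example that is not part of the original thread and not AWS's implementation. The 5-minute window, the limit of 100 requests, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # assumption: 5-minute trailing window
LIMIT = 100           # assumption: max requests per source IP per window


def sample_events():
    """Constructed traffic as (epoch_seconds, source_ip); documentation IPs only."""
    burst = [(t, "198.51.100.7") for t in range(200)]          # 1 req/s for 200 s
    burst.append((600, "198.51.100.7"))                        # returns after going quiet
    steady = [(t, "203.0.113.20") for t in range(0, 601, 30)]  # 1 req per 30 s
    return sorted(burst + steady)


def evaluate(events, limit=LIMIT, window=WINDOW_SECONDS):
    """Return [(ts, ip, action)] for time-ordered events.

    Blocked requests still count toward the rate, so an IP stays blocked
    until its request count in the trailing window drops back to the limit.
    """
    recent = defaultdict(deque)  # ip -> timestamps inside the window
    decisions = []
    for ts, ip in events:
        seen = recent[ip]
        while seen and seen[0] <= ts - window:
            seen.popleft()       # expire requests older than the window
        seen.append(ts)
        action = "BLOCK" if len(seen) > limit else "ALLOW"
        decisions.append((ts, ip, action))
    return decisions


def blocked_counts(decisions):
    """Number of blocked requests per source IP."""
    counts = defaultdict(int)
    for _, ip, action in decisions:
        if action == "BLOCK":
            counts[ip] += 1
    return dict(counts)


if __name__ == "__main__":
    result = evaluate(sample_events())
    print(blocked_counts(result))
```

The bursting address is blocked from its 101st request in the window and allowed again once it has been quiet for a full window, while the steady client is never affected.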
C and E are clear choices. Maybe F is the 3rd one which can help to mitigate though it sounds like a manual step. A and B do not help to mitigate while they improve only performance. D does not mitigate anything.