Exam AWS Certified Security - Specialty topic 1 question 266 discussion

A D and E

Answer A, D, E A. Amazon Route 53. --> Reduce attack Surface B. AWS Certificate Manager (ACM) --> Not relevant DDoS C. Amazon S3 --> Not relevant DDoS D. AWS Shield --> Service for DDoS E. Elastic Load Balancer --> Increase Availability F. Amazon GuardDuty --> Not relevant for DDoS

Route 53 Shield Elastic Load Balancer ADE

ADE make sense to defend against DDoS. Route 53 for flexible routing policies ELB for load balancing and absorbing large number of request Shield to protect against L3/L4 DDoS

The only deman question is making is Protection. why i prefered F over E. Some of the DDoS-related detections GuardDuty can provide include: + activity like unusual API activity or port scanning that could indicate an attacker scanning for vulnerabilities to exploit. + Instance compromise through detections like outbound denial of service activity or unusually high network traffic volumes that could point to an instance being used to launch a DDoS attack. +Account compromise through unusual infrastructure launches or API access patterns that an attacker may use to hijack AWS resources for a DDoS botnet.

The combination of AWS services and features that provide protection in this scenario are: A. Amazon Route 53 - This service provides DNS-based routing and can help to mitigate DDoS attacks by using health checks to identify healthy endpoints and automatically routing traffic away from any endpoints that are under attack. D. AWS Shield - This service provides protection against DDoS attacks at both the network and application layer. It can detect and mitigate attacks in real time, and is available in two tiers: AWS Shield Standard and AWS Shield Advanced. E. Elastic Load Balancer - ELB provides protection against DDoS attacks by distributing traffic across multiple instances, and by using a range of techniques to filter out malicious traffic. Note: ACM, S3, and GuardDuty are not directly related to mitigating layer 3 and layer 4 DDoS attacks.

C - S3 - does not make any sense

Nowadays I will say that option A D and F is also right https://aws.amazon.com/premiumsupport/knowledge-center/waf-mitigate-ddos-attacks/

Reduce DDoS Risks Using Amazon Route 53 and AWS Shield https://aws.amazon.com/blogs/aws/reduce-ddos-risks-using-amazon-route-53-and-aws-shield/

if missing any of these 3 answers, I will choose C as the third answer. S3 for static content web hosting with help on route53

A, D and E

AWS shield advance provide ddos protection to route53, LB, EC2 etc. But you don’t have to combine all of them. So, except shield, for me, others are not valid.

A, D , E

ADE all the way

A D and E The link provide full discerption https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc