ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 396 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 396
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has implemented a self-managed DNS service on AWS. The solution consists of the following:

• Amazon EC2 instances in different AWS Regions
• Endpoints of a standard accelerator in AWS Global Accelerator

The company wants to protect the solution against DDoS attacks.

What should a solutions architect do to meet this requirement?

  • A. Subscribe to AWS Shield Advanced. Add the accelerator as a resource to protect.
  • B. Subscribe to AWS Shield Advanced. Add the EC2 instances as resources to protect.
  • C. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the accelerator.
  • D. Create an AWS WAF web ACL that includes a rate-based rule. Associate the web ACL with the EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by [deleted] at March 10, 2023, 4:41 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
WherecanIstart
Highly Voted 1 year, 4 months ago
Selected Answer: A
DDoS attacks = AWS Shield Advance Shield Advance protects Global Accelerator, NLB, ALB, etc
upvoted 13 times
...
Abrar2022
Highly Voted 1 year, 1 month ago
Selected Answer: A
DDoS attacks = AWS Shield Advance resource as Global Acc
upvoted 5 times
...
pentium75
Most Recent 6 months, 3 weeks ago
Selected Answer: A
Global Accelerator is what is exposed to the Internet = where DDoS attacks could land = what must be protected by Shield Advanced
upvoted 5 times
...
Guru4Cloud
10 months, 4 weeks ago
Selected Answer: B
So, the correct option is: B. Subscribe to AWS Shield Advanced. Add the EC2 instances as resources to protect. Here's why this option is the most appropriate: A. While you can add the accelerator as a resource to protect with AWS Shield Advanced, it's generally more effective to protect the individual resources (in this case, the EC2 instances) because AWS Shield Advanced will automatically protect resources associated with Global Accelerator
upvoted 1 times
awsgeek75
6 months, 1 week ago
Which EC2 instance? Global Accelerator works by providing anycast IP addresses for the underlying resource (our EC2 in this case) so every end user trying to reach the EC2 server HAS to go through the Global Accelerator which is why the Global Accelerator needs to be protected and not the EC2.
upvoted 5 times
...
...
TariqKipkemei
1 year, 1 month ago
Selected Answer: A
DDoS attacks = AWS Shield Advanced
upvoted 3 times
...
nileshlg
1 year, 4 months ago
Selected Answer: A
Answer is A https://docs.aws.amazon.com/waf/latest/developerguide/ddos-event-mitigation-logic-gax.html
upvoted 2 times
...
ktulu2602
1 year, 4 months ago
Selected Answer: A
AWS Shield is a managed service that provides protection against Distributed Denial of Service (DDoS) attacks for applications running on AWS. AWS Shield Standard is automatically enabled to all AWS customers at no additional cost. AWS Shield Advanced is an optional paid service. AWS Shield Advanced provides additional protections against more sophisticated and larger attacks for your applications running on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53.
upvoted 4 times
...
[Removed]
1 year, 4 months ago
Selected Answer: A
aaaaa accelator can not be attached to shield
upvoted 2 times
[Removed]
1 year, 4 months ago
bbbbbbbbb
upvoted 1 times
enzomv
1 year, 4 months ago
Your origin servers can be Amazon Simple Storage Service (S3), Amazon EC2, Elastic Load Balancing, or a custom server outside of AWS. You can also enable AWS Shield Advanced directly on Elastic Load Balancing or Amazon EC2 in the following AWS Regions - Northern Virginia, Ohio, Oregon, Northern California, Montreal, São Paulo, Ireland, Frankfurt, London, Paris, Stockholm, Singapore, Tokyo, Sydney, Seoul, Mumbai, Milan, and Cape Town. My answer is B
upvoted 2 times
pentium75
6 months, 3 weeks ago
You CAN enable Shield Advanced directly on EC2. You CAN also expose EC2 instances directly to the Internet. But in this case, what is exposed to the Internet (= where DDoS attacks could land) is the Global Accelerator, not your EC2 instances.
upvoted 3 times
...
enzomv
1 year, 4 months ago
https://docs.aws.amazon.com/waf/latest/developerguide/ddos-event-mitigation-logic-gax.html Sorry I meant A
upvoted 3 times
...
...
...
ktulu2602
1 year, 4 months ago
Yes it can: AWS Shield is a managed service that provides protection against Distributed Denial of Service (DDoS) attacks for applications running on AWS. AWS Shield Standard is automatically enabled to all AWS customers at no additional cost. AWS Shield Advanced is an optional paid service. AWS Shield Advanced provides additional protections against more sophisticated and larger attacks for your applications running on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago