Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 156 discussion

Shield Advance is not COST-EFFECTIVE DDoS protection solution, for the basic DDOS protection we can use CloudFront for static content with S3 and ALB.

To create a resilient architecture that can withstand DDoS attacks in a cost-effective manner, the company should choose Option B: Put the EC2 instances into an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer. Use Amazon CloudFront with Amazon S3 as an origin. This solution leverages the scalability of Auto Scaling groups and ELB to handle traffic spikes, while Amazon CloudFront provides DDoS protection at the edge, reducing the load on the origin servers. Using S3 as the origin for static content ensures efficient content delivery.

The key is the first sentence: “concerned about possible ddos attacks”. So I'll go with B. Cost-Effectiveness Analysis Smaller-Scale or Infrequent DDoS Attacks: Use EC2 with Auto Scaling, ELB, and CloudFront. Frequent or Sophisticated Attacks:AWS Shield Advanced becomes cost-effective

AWS cloudfront includes basic shield, But shield advanced provides cost protection against any infrastructure cost incurred due to ddos Since the company is only “worried” about ddos and it is not actually happening, basic ddos protection included in cloudfront should suffice over shield advanced I would have opted for shield advanced if there were indications of the application being huge or being very critical to the company

NOT D. AWS Shield Advanced: This provides advanced DDoS protection but comes with a significant cost compared to CloudFront's built-in capabilities. AWS Shield Advanced is effective but may not be the most cost-effective solution for a general web application without high sensitivity or stringent uptime requirements. Therefore, Option B provides an architecture that balances both cost and resilience against DDoS attacks effectively.

B.javascript:void(0) B is much cheaper than D. Amazon CloudFront is protected by default against DDoS attacks through AWS Shield Standard, which provides automatic protection at no additional cost. This protection includes safeguards against common DDoS attacks on the CloudFront edge network.

DDD is the correct

D is the answer. At first glance, it may be B, but if Auto Scaling already reaches its maximum, the service will be paralyzed. However, if you set the maximum number of EC2s to unlimited, your wallet will explode. D is the answer if you want to meet the requirements of the problem at a lower cost.

DDOS comming+AutoScaling = 1000 ec2 will open :)) cost increases it will be very high. By the way, I did not see the phrase "best cost" in the question. DDOS protection = AWS Shield . I will Go to D.

Option D makes more sense to me. "Subscribe to AWS Shield Advance".

Option B (Auto Scaling, ELB, CloudFront with S3): The costs can vary widely based on your specific usage patterns (e.g., traffic volume, instance types, storage requirements, etc.). It involves paying for compute resources, load balancing, content delivery, and storage, with costs scaling based on usage. Option D (AWS Shield Advanced): Costs $3,000 per month per organization. This cost provides comprehensive DDoS protection across AWS services, including automated attack detection and mitigation by AWS experts. PLUSSSSSSSSSSSSS Scalability and Performance: Option B provides scalable and performant infrastructure for normal traffic conditions and some level of traffic spikes. It improves availability and latency through caching and load balancing mechanisms. DDoS Protection: Option D (AWS Shield Advanced) is specifically designed for mitigating DDoS attacks, offering proactive protection against large-scale and sophisticated DDoS attacks. It includes access to AWS DDoS Response Team for immediate assistance during attacks.

My answer is B Load Balancing: An ELB distributes incoming traffic across multiple EC2 instances, ensuring that no single instance is overwhelmed by traffic. This helps to prevent a single point of failure and reduces the impact of a DDoS attack. Auto Scaling: Auto Scaling ensures that the number of EC2 instances is adjusted based on the load, so if an instance fails or becomes overwhelmed, another instance is launched to replace it. This maintains the availability of the application. CloudFront: Amazon CloudFront acts as a reverse proxy, caching frequently accessed content and reducing the load on the EC2 instances. It also provides a static IP address, which can be used to configure firewall rules and improve security. S3 as Origin: Using S3 as the origin for CloudFront ensures that static content is served efficiently and securely, reducing the load on the EC2 instances and making the application more resilient to DDoS attacks.

B - Key is MOST cost effective. Cost-Effective: Using Auto Scaling, ELB, CloudFront, and S3 together is a cost-effective way to manage traffic loads and protect against DDoS attacks. AWS Shield Advanced is an expensive premium service. B will be a cheaper solution.

D for DDOS

D is the most cost-effective solution for mitigating DDoS attacks and maintaining a resilient architecture.