Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 156 discussion

A company is worried about potential DDoS attacks. The company has a web application that runs on Amazon EC2 instances. The application uses Amazon S3 to serve static content such as images and videos.

A security engineer must create a resilient architecture that can withstand DDoS attacks.

Which solution will meet these requirements MOST cost-effectively?

  • A. Create an Amazon CloudWatch alarm that invokes an AWS Lambda function when an EC2 instance’s CPU utilization reaches 90%. Program the Lambda function to update security groups that are attached to the EC2 instance to deny inbound ports 80 and 443.
  • B. Put the EC2 instances into an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer. Use Amazon CloudFront with Amazon S3 as an origin.
  • C. Set up a warm standby disaster recovery (DR) environment. Fail over to the warm standby DR environment if a DDoS attack is detected on the application.
  • D. Subscribe to AWS Shield Advanced. Configure permissions to allow the Shield Response Team to manage resources on the company's behalf during a DDoS event.
Suggested Answer: B

Comments

IPLogic
2 days, 20 hours ago
Selected Answer: B
To create a resilient architecture that can withstand DDoS attacks in a cost-effective manner, the company should choose Option B: Put the EC2 instances into an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer. Use Amazon CloudFront with Amazon S3 as an origin. This solution leverages the scalability of Auto Scaling groups and ELB to handle traffic spikes, while Amazon CloudFront provides DDoS protection at the edge, reducing the load on the origin servers. Using S3 as the origin for static content ensures efficient content delivery.
upvoted 1 times
...
throdrigo
4 days, 18 hours ago
Selected Answer: B
The key is the first sentence: “concerned about possible ddos attacks”. So I'll go with B. Cost-Effectiveness Analysis: Smaller-Scale or Infrequent DDoS Attacks: Use EC2 with Auto Scaling, ELB, and CloudFront. Frequent or Sophisticated Attacks: AWS Shield Advanced becomes cost-effective.
upvoted 1 times
...
723993f
1 week, 3 days ago
Selected Answer: B
AWS CloudFront includes basic Shield, but Shield Advanced provides cost protection against any infrastructure cost incurred due to DDoS. Since the company is only “worried” about DDoS and it is not actually happening, basic DDoS protection included in CloudFront should suffice over Shield Advanced. I would have opted for Shield Advanced if there were indications of the application being huge or being very critical to the company.
upvoted 1 times
...
mzeynalli
3 weeks, 3 days ago
Selected Answer: B
NOT D. AWS Shield Advanced: This provides advanced DDoS protection but comes with a significant cost compared to CloudFront's built-in capabilities. AWS Shield Advanced is effective but may not be the most cost-effective solution for a general web application without high sensitivity or stringent uptime requirements. Therefore, Option B provides an architecture that balances both cost and resilience against DDoS attacks effectively.
upvoted 1 times
...
BietTuot
3 weeks, 3 days ago
Selected Answer: B
B. B is much cheaper than D. Amazon CloudFront is protected by default against DDoS attacks through AWS Shield Standard, which provides automatic protection at no additional cost. This protection includes safeguards against common DDoS attacks on the CloudFront edge network.
upvoted 1 times
...
golden_fish
3 weeks, 6 days ago
DDD is the correct
upvoted 1 times
...
pagom
1 month ago
Selected Answer: D
D is the answer. At first glance, it may be B, but if Auto Scaling already reaches its maximum, the service will be paralyzed. However, if you set the maximum number of EC2s to unlimited, your wallet will explode. D is the answer if you want to meet the requirements of the problem at a lower cost.
upvoted 2 times
...
komik_101
1 month, 1 week ago
Selected Answer: D
DDOS coming + AutoScaling = 1000 ec2 will open :)) cost increases, it will be very high. By the way, I did not see the phrase "best cost" in the question. DDOS protection = AWS Shield. I will go to D.
upvoted 1 times
...
FunkyFresco
3 months, 1 week ago
Selected Answer: D
Option D makes more sense to me. "Subscribe to AWS Shield Advance".
upvoted 1 times
...
cumzle_com
5 months, 1 week ago
Selected Answer: B
Option B (Auto Scaling, ELB, CloudFront with S3): The costs can vary widely based on your specific usage patterns (e.g., traffic volume, instance types, storage requirements, etc.). It involves paying for compute resources, load balancing, content delivery, and storage, with costs scaling based on usage. Option D (AWS Shield Advanced): Costs $3,000 per month per organization. This cost provides comprehensive DDoS protection across AWS services, including automated attack detection and mitigation by AWS experts. PLUSSSSSSSSSSSSS Scalability and Performance: Option B provides scalable and performant infrastructure for normal traffic conditions and some level of traffic spikes. It improves availability and latency through caching and load balancing mechanisms. DDoS Protection: Option D (AWS Shield Advanced) is specifically designed for mitigating DDoS attacks, offering proactive protection against large-scale and sophisticated DDoS attacks. It includes access to AWS DDoS Response Team for immediate assistance during attacks.
upvoted 2 times
cumzle_com
5 months, 1 week ago
Sorry, D is the correct answer
upvoted 2 times
kupo777
4 months, 3 weeks ago
B is correct. Although it is not effective in preventing HTTP flood attacks, it is an effective method for low-layer DDoS attacks, and given the cost efficiency requirement, it seems undesirable to use "D:AWS Shield Advanced".
upvoted 1 times
...
...
...
aescudero51
5 months, 4 weeks ago
Selected Answer: B
My answer is B. Load Balancing: An ELB distributes incoming traffic across multiple EC2 instances, ensuring that no single instance is overwhelmed by traffic. This helps to prevent a single point of failure and reduces the impact of a DDoS attack. Auto Scaling: Auto Scaling ensures that the number of EC2 instances is adjusted based on the load, so if an instance fails or becomes overwhelmed, another instance is launched to replace it. This maintains the availability of the application. CloudFront: Amazon CloudFront acts as a reverse proxy, caching frequently accessed content and reducing the load on the EC2 instances. It also provides a static IP address, which can be used to configure firewall rules and improve security. S3 as Origin: Using S3 as the origin for CloudFront ensures that static content is served efficiently and securely, reducing the load on the EC2 instances and making the application more resilient to DDoS attacks.
upvoted 1 times
...
DeadDropLabs
6 months ago
Selected Answer: B
B - Key is MOST cost effective. Cost-Effective: Using Auto Scaling, ELB, CloudFront, and S3 together is a cost-effective way to manage traffic loads and protect against DDoS attacks. AWS Shield Advanced is an expensive premium service. B will be a cheaper solution.
upvoted 2 times
...
Cedhulk
6 months ago
Selected Answer: D
D for DDOS
upvoted 2 times
...
mehmetsungur
6 months, 3 weeks ago
D is the most cost-effective solution for mitigating DDoS attacks and maintaining a resilient architecture.
upvoted 1 times
mzeynalli
3 weeks, 1 day ago
Have you ever heard of someone taking down AWS CloudFront or S3? 😉 Amazon CloudFront is a powerful global content delivery network (CDN) that’s designed to absorb and mitigate large amounts of traffic, making it very effective for mitigating DDoS attacks. It caches static content and significantly reduces the direct load on your backend, like EC2 instances and Amazon S3. Using Amazon S3 as an origin for your static content (such as images and videos) takes the load off your primary application servers, further enhancing both the resilience and scalability of the architecture. Together, CloudFront and S3 make a pretty solid combination that distributes traffic, automatically scales resources, and mitigates attacks effectively. With CloudFront caching and absorbing traffic, you're leveraging one of the most resilient services out there.
upvoted 1 times
...
mzeynalli
3 weeks, 1 day ago
P.S. Also, the keyword here is "The company has a web application that runs." It would be option D if the context was about gaming applications that deliver UDP traffic.
upvoted 1 times
...
...