Exam AWS Certified Security - Specialty topic 1 question 27 discussion

D is correct it is trying to reduce the overhead

A- A single Web server does not protect against DDos B- Load balanced EC2 instances only increase availability but does not help to protect against DDos. C- ALB is redundant when there's only 1 EC2. D- best answer.

BEST way is the key word

Answer should be B. Hear me out. What is DDOS? it floods traffic to the targeted online resources. That is where an Application Load balancer comes in, to redistribute the load, in the event of a DDoS attack, your site will not be down and will continue to function normally, most especially when the workload is distributed between two EC2 Instances.

A s correct as have to minimize operating overhead.

D is the correct one, having a cloudfront backed architecture protects from DDoS attacks

D is the only one that protects against a DDoS. In A you could be impacted by a DDoS. All requests raches the ec2 yet.

even serving content from s3 allows the ec2 to get DDOS , so using cloud front backed by s3 with WAF will help

%100 all for D, and A is selected... Admins?? aaaaaadmins.... hello? :)

Absolutely correct answer is D because didnt say about web server persistancy. We should terminate the web server for static content serving.

D - Static content is a suitable use case for S3. Cloudfront can then be used to present (and cache) the data for the front end. EC2 instance/s behind and ALB could work - However, this has more operational overhead and can still be overloaded if sufficient traffic occurs.

D - because we can host a static website there and we can allow the users to download files/upload files there using cloudfront, plus it aws shield enabled.

AWS Shield, a DDoS protection service, is enabled by default on Amazon CloudFront and automatically protects against Network/Transport layer DDoS attacks. Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/improve-your-website-availability-with-amazon-cloudfront/

D is correct

D for sure...

What is going on here ... so much chatting, not one single pulic AWS URL to prove your points. AWS Shield, a DDoS protection service, is enabled by default on Amazon CloudFront and automatically protects against Network/Transport layer DDoS attacks. The automatic protection feature by AWS Shield Standard is available to all AWS customers at no additional cost. Customers can also use AWS WAF (Web Application Firewall) to protect against application layer DDoS attacks. https://aws.amazon.com/blogs/networking-and-content-delivery/improve-your-website-availability-with-amazon-cloudfront/

go to D