ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 27 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 27
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company recently experienced a DDoS attack that prevented its web server from serving content. The website is static and hosts only HTML, CSS, and PDF files that users download.
Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks while minimizing the ongoing operational overhead?

  • A. Move all the files to an Amazon S3 bucket. Have the web server serve the files from the S3 bucket.
  • B. Launch a second Amazon EC2 instance in a new subnet. Launch an Application Load Balancer in front of both instances.
  • C. Launch an Application Load Balancer in front of the EC2 instance. Create an Amazon CloudFront distribution in front of the Application Load Balancer.
  • D. Move all the files to an S3 bucket. Create a CloudFront distribution in front of the bucket and terminate the web server.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by delirium at March 12, 2020, 6:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
awssecuritynewbie
Highly Voted 3 years, 9 months ago
D is correct it is trying to reduce the overhead
upvoted 31 times
andwill1001
3 years ago
That's not the only important part. A also reduces overhead. The part that sets D apart is DDOS protection.
upvoted 8 times
virtual
1 year, 4 months ago
Yes, DDoS protection through CloudFront
upvoted 1 times
...
...
...
Daniel76
Highly Voted 3 years, 9 months ago
A- A single Web server does not protect against DDos B- Load balanced EC2 instances only increase availability but does not help to protect against DDos. C- ALB is redundant when there's only 1 EC2. D- best answer.
upvoted 5 times
ChauPhan
3 years, 8 months ago
C is not management overhead as we still manage EC2 web server. As the site is static, we can move it to S3 for reducing overhead
upvoted 2 times
...
...
pk0619
Most Recent 2 years ago
Selected Answer: D
BEST way is the key word
upvoted 1 times
...
dcyberguy
2 years ago
Selected Answer: B
Answer should be B. Hear me out. What is DDOS? it floods traffic to the targeted online resources. That is where an Application Load balancer comes in, to redistribute the load, in the event of a DDoS attack, your site will not be down and will continue to function normally, most especially when the workload is distributed between two EC2 Instances.
upvoted 1 times
DLG_85
12 months ago
Check this from AWS Docs please: "AWS Shield is integrated with Amazon CloudFront, which supports custom origins outside of AWS." - https://aws.amazon.com/shield/faqs/
upvoted 1 times
...
...
brpjp
2 years ago
Selected Answer: A
A s correct as have to minimize operating overhead.
upvoted 1 times
...
SaucyVip3r
2 years, 2 months ago
Selected Answer: D
D is the correct one, having a cloudfront backed architecture protects from DDoS attacks
upvoted 1 times
...
matrpro
2 years, 2 months ago
Selected Answer: D
D is the only one that protects against a DDoS. In A you could be impacted by a DDoS. All requests raches the ec2 yet.
upvoted 2 times
...
bk02
2 years, 5 months ago
Selected Answer: D
even serving content from s3 allows the ec2 to get DDOS , so using cloud front backed by s3 with WAF will help
upvoted 3 times
Dmosh
2 years, 2 months ago
WAF? where
upvoted 1 times
...
...
roguecloud
2 years, 5 months ago
Selected Answer: D
%100 all for D, and A is selected... Admins?? aaaaaadmins.... hello? :)
upvoted 4 times
...
xplusfb
2 years, 6 months ago
Absolutely correct answer is D because didnt say about web server persistancy. We should terminate the web server for static content serving.
upvoted 1 times
...
janvandermerwer
2 years, 8 months ago
Selected Answer: D
D - Static content is a suitable use case for S3. Cloudfront can then be used to present (and cache) the data for the front end. EC2 instance/s behind and ALB could work - However, this has more operational overhead and can still be overloaded if sufficient traffic occurs.
upvoted 3 times
...
arae
2 years, 8 months ago
D - because we can host a static website there and we can allow the users to download files/upload files there using cloudfront, plus it aws shield enabled.
upvoted 1 times
...
sakibmas
2 years, 9 months ago
Selected Answer: D
AWS Shield, a DDoS protection service, is enabled by default on Amazon CloudFront and automatically protects against Network/Transport layer DDoS attacks. Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/improve-your-website-availability-with-amazon-cloudfront/
upvoted 4 times
...
Mr__
2 years, 9 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
dcasabona
2 years, 11 months ago
Selected Answer: D
D for sure...
upvoted 1 times
...
sapien45
2 years, 12 months ago
What is going on here ... so much chatting, not one single pulic AWS URL to prove your points. AWS Shield, a DDoS protection service, is enabled by default on Amazon CloudFront and automatically protects against Network/Transport layer DDoS attacks. The automatic protection feature by AWS Shield Standard is available to all AWS customers at no additional cost. Customers can also use AWS WAF (Web Application Firewall) to protect against application layer DDoS attacks. https://aws.amazon.com/blogs/networking-and-content-delivery/improve-your-website-availability-with-amazon-cloudfront/
upvoted 2 times
...
xaocho
3 years ago
Selected Answer: D
go to D
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel