Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 187 discussion

Answer is A. AWS WAF is a web application firewall that helps detect and mitigate web application layer DDoS attacks by inspecting traffic inline. Application layer DDoS attacks use well-formed but malicious requests to evade mitigation and consume application resources. You can define custom security rules (also called web ACLs) that contain a set of conditions, rules, and actions to block attacking traffic. After you define web ACLs, you can apply them to CloudFront distributions, and web ACLs are evaluated in the priority order you specified when you configured them. Real-time metrics and sampled web requests are provided for each web ACL. https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using-amazon-cloudfront-and-amazon-route-53/

Shouldn’t it be A?

B is a joke !

A due to the WAF

The best soluntion is AWS Shield, so the next soln would be A. - You can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a Distributed Denial of Service (DDoS) attack. For additional protection against DDoS attacks, "

Guard Duty is Reactive

To find the most EFFECTIVE solution A.(O) Rate-based rule statement https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html B.(X) custom Lambda function is not best-practice, not effective C.(X) custom Lambda function is not best-practice, not effective D.(X) It maybe possible to detect DDos vis GuardDuty, but it seems like to require efforts a lot. Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following Data sources: VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IP addresses, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html

Why isn't the answer D? GuardDuty from DDos attacks?

whgich one

A is wrong it can provide only preventive action it can not provide mitigation hence AWS came up with Shield. Correct Answer is D. https://aws.amazon.com/blogs/security/how-to-use-amazon-guardduty-and-aws-web-application-firewall-to-automatically-block-suspicious-hosts/

A is correct.

Answer D Ref: https://aws.amazon.com/blogs/security/how-to-use-amazon-guardduty-and-aws-web-application-firewall-to-automatically-block-suspicious-hosts/ https://d2908q01vomqb2.cloudfront.net/22d200f8670dbdb3e253a90eee5098477c95c23d/2018/07/31/GuardDuty-WAF-01.png

Answer is A since WAF is included in AWS Shield Advanced and is recommend for DDos attacks. https://docs.aws.amazon.com/pt_br/waf/latest/developerguide/ddos-overview.html

A is correct. "AWS WAF is a web application firewall that helps detect and mitigate web application layer DDoS attacks by inspecting traffic inline. Application layer DDoS attacks use well-formed but malicious requests to evade mitigation and consume application resources"

a rubbish question imo. (a) is probably the right answer as a waf can kind of do this with rate-based rules, but if the ddos was from thousands of different ip addresses then it might not go over the threshold to trigger it. i would expect to see aws shield as an answer here, but it's not.

Correct answer is A, bhenchod.

more and more wrong answers....