Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 35 discussion

Answer is D C is incorrect because question says Third party DNS and route 53 is AWS proprietary

AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, CloudFront distributions, Route 53 hosted zones, and AWS Global Accelerator standard accelerators.

Answer is D

Ans D. Shield (Advanced) is built for DDoS and can interface to ELB

A: GuardDuty is not for this, mostly for account monitoring for suspicious activity B: Inspector is for OS vulnerabilities C: Shield with R53 is not going to protect against DDoS D: Shield Advanced is build for DDoS protection

Prevent large scale DDOS attack = AWS Shield Advanced

Answer-D

- In addition to the network and transport layer protections that come with Standard, Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall. https://aws.amazon.com/shield/features/#:~:text=In%20addition%20to%20the%20network,WAF%2C%20a%20web%20application%20firewall.

This one got me to be honest

Option A is incorrect because Amazon GuardDuty is a threat detection service that focuses on identifying malicious activity and unauthorized behavior within AWS accounts. While it is useful for detecting various security threats, it does not specifically address large-scale DDoS attacks. Option B is also incorrect because Amazon Inspector is a vulnerability assessment service that helps identify security issues and vulnerabilities within EC2. It does not directly protect against DDoS attacks. Option C is not the optimal choice because AWS Shield provides basic DDoS protection for resources such as Elastic IP addresses, CloudFront, and Route53 hosted zones. However, it

D, but can be tricky, the third party negates Route53

Answer D. Learn section on AWS Advanced Shield on aws.Amazon.com to help you understand this. It helped me.

answer is D

DDos = AWS Shield

large-scale DDos leads to advanced instead of standard AWS Shield.

Keyword "large-scale DDoS attacks" , "Amazon EC2", "VPC", "ELB", "3rd service used for DNS". Amazon GuardDuty https://aws.amazon.com/guardduty/ Intelligent threat detection. AWS Shield https://aws.amazon.com/shield/ Automatically detect and mitigate sophisticated network-level DDoS. AWS Shield Advanced with ELB https://aws.amazon.com/about-aws/whats-new/2022/04/aws-shield-application-balancer-automatic-ddos-mitigation/ . Choose D.

Option D is the right answer for this.