Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 35 discussion

Answer is D C is incorrect because question says Third party DNS and route 53 is AWS proprietary

AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, CloudFront distributions, Route 53 hosted zones, and AWS Global Accelerator standard accelerators.

Only AWS Shield Advanced can help against DDos attacks and since we are using a third-party DNS so we can't attach it to Route 53.

Enabling AWS Shield Advanced provides advanced protection against large-scale DDoS attacks. Assigning the ELB to AWS Shield Advanced ensures that traffic to the web application is monitored and protected with enhanced mitigation techniques. The solution also offers a direct response mechanism (via the AWS DDoS Response Team) for further assistance during attacks.

Ans. D - Keyword - Large-scale DDoS attacks which the AWS Shield Advanced can prevent

Answer is D

Ans D. Shield (Advanced) is built for DDoS and can interface to ELB

A: GuardDuty is not for this, mostly for account monitoring for suspicious activity B: Inspector is for OS vulnerabilities C: Shield with R53 is not going to protect against DDoS D: Shield Advanced is build for DDoS protection

Prevent large scale DDOS attack = AWS Shield Advanced

Answer-D

- In addition to the network and transport layer protections that come with Standard, Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall. https://aws.amazon.com/shield/features/#:~:text=In%20addition%20to%20the%20network,WAF%2C%20a%20web%20application%20firewall.

This one got me to be honest

Option A is incorrect because Amazon GuardDuty is a threat detection service that focuses on identifying malicious activity and unauthorized behavior within AWS accounts. While it is useful for detecting various security threats, it does not specifically address large-scale DDoS attacks. Option B is also incorrect because Amazon Inspector is a vulnerability assessment service that helps identify security issues and vulnerabilities within EC2. It does not directly protect against DDoS attacks. Option C is not the optimal choice because AWS Shield provides basic DDoS protection for resources such as Elastic IP addresses, CloudFront, and Route53 hosted zones. However, it

D, but can be tricky, the third party negates Route53

Answer D. Learn section on AWS Advanced Shield on aws.Amazon.com to help you understand this. It helped me.

answer is D

DDos = AWS Shield