
Answer-first summary for fast verification
Answer: Deploy AWS Shield Advanced in addition to AWS WAF. Add the ALB as a protected resource.
The best solution to mitigate application layer attacks with the least operational overhead is to deploy AWS Shield Advanced in addition to AWS WAF and to add the ALB as a protected resource.

**Explanation for answer B**:

- **AWS Shield Advanced**: AWS Shield Advanced is a managed DDoS protection service that safeguards applications running on AWS. It provides enhanced detection and mitigation against more sophisticated types of DDoS attacks in addition to application layer attacks. By protecting the ALB with AWS Shield Advanced, the company can leverage its advanced threat detection and mitigation capabilities to handle sudden and significant increases in traffic caused by attacks.
- **Integration with AWS WAF**: Shield Advanced integrates seamlessly with AWS WAF. By using them together, you get automated attack mitigation, reporting, and analytics. Shield Advanced also includes a web application firewall with managed rules, allowing for granular control and automatic updates to new threat patterns without requiring constant manual intervention.
- **Operational Overhead**: The solution of deploying AWS Shield Advanced involves minimal operational overhead as it is managed by AWS. This approach eliminates the need for manual inspection of logs, configuration of alarms, writing and maintaining Lambda functions, or managing deny lists. AWS Shield Advanced provides proactive protection with continuous monitoring and automatic response mechanisms.
- **Advanced Features**: Shield Advanced offers 24/7 access to the AWS DDoS Response Team (DRT) for incident management and proactively applies enhanced protections automatically to mitigate attacks.

In summary, deploying AWS Shield Advanced alongside AWS WAF provides a robust, managed solution that reduces the need for manual intervention and offers comprehensive protection with minimal operational overhead.
Author: LeetQuiz Editorial Team
A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL. The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an Amazon CloudWatch alarm that monitors server access. Set a threshold based on access by IP address. Configure an alarm action that adds the IP address to the web ACL’s deny list.
B. Deploy AWS Shield Advanced in addition to AWS WAF. Add the ALB as a protected resource.
C. Create an Amazon CloudWatch alarm that monitors user IP addresses. Set a threshold based on access by IP address. Configure the alarm to invoke an AWS Lambda function to add a deny rule in the application server’s subnet route table for any IP addresses that activate the alarm.
D. Inspect access logs to find a pattern of IP addresses that launched the attacks. Use an Amazon Route 53 geolocation routing policy to deny traffic from the countries that host those IP addresses.