
You have a set of EC2 Instances hosted on the AWS Cloud. The EC2 Instances are hosting a web application. If you get a DDoS attack from the internet, which of the following can help in reducing the overall threat to your EC2 Instances? Choose 2 from below:
A. Usage of Security Groups
B. Usage of AWS Config
C. Usage of Network Access Control Lists
D. Usage of the Internet gateway
Explanation:
Security Groups (Option A) and Network Access Control Lists (Option C) are the correct choices for reducing DDoS threats to EC2 instances.
Security Groups (Option A):
- Act as a virtual firewall for your EC2 instances
- Control inbound and outbound traffic at the instance level
- Can be configured to allow only necessary traffic, blocking unwanted DDoS traffic
- Provide stateful filtering - return traffic is automatically allowed regardless of rules
Network Access Control Lists (Option C):
- Provide an additional layer of security at the subnet level
- Act as a stateless firewall for controlling traffic in and out of subnets
- Can be used to block specific IP ranges or protocols associated with DDoS attacks
- Offer rule-based filtering for both inbound and outbound traffic
AWS Config (Option B): A service for assessing, auditing, and evaluating AWS resource configurations, not for real-time DDoS protection.
Internet Gateway (Option D): A VPC component that enables communication between instances in your VPC and the internet, but doesn't provide DDoS mitigation capabilities.
For comprehensive DDoS protection, AWS also recommends using AWS Shield and AWS WAF services in addition to Security Groups and NACLs.