AWS Certified Cloud Practitioner

Ultimate access to all questions.

Explanation:

Explanation

AWS Shield is the correct answer because it is AWS's managed Distributed Denial of Service (DDoS) protection service.

AWS Shield:
- Provides managed DDoS protection
- Comes in two tiers:
  - AWS Shield Standard: Free, automatic protection for all AWS customers
  - AWS Shield Advanced: Paid service with additional features like 24/7 DDoS response team, cost protection, and advanced attack mitigation
Why other options are incorrect:
- AWS Firewall Manager: A security management service that allows you to centrally configure and manage firewall rules across your AWS accounts and applications
- Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior
- Amazon Inspector: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS

Always-on detection and automatic inline mitigations
Integration with Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing
Real-time visibility into attacks via AWS WAF, Amazon CloudWatch, and AWS Management Console
Protection against infrastructure layer (Layer 3/4) and application layer (Layer 7) attacks

AWS Shield is specifically designed to protect AWS applications from DDoS attacks, making it the appropriate choice for managed DDoS protection.

Explanation:

AWS Shield is the correct answer because it is AWS's managed Distributed Denial of Service (DDoS) protection service.

AWS Shield:
- Provides managed DDoS protection
- Comes in two tiers:
  - AWS Shield Standard: Free, automatic protection for all AWS customers
  - AWS Shield Advanced: Paid service with additional features like 24/7 DDoS response team, cost protection, and advanced attack mitigation
Why other options are incorrect:
- AWS Firewall Manager: A security management service that allows you to centrally configure and manage firewall rules across your AWS accounts and applications
- Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior
- Amazon Inspector: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS

Always-on detection and automatic inline mitigations
Integration with Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing
Real-time visibility into attacks via AWS WAF, Amazon CloudWatch, and AWS Management Console
Protection against infrastructure layer (Layer 3/4) and application layer (Layer 7) attacks

AWS Shield is specifically designed to protect AWS applications from DDoS attacks, making it the appropriate choice for managed DDoS protection.

No comments yet.

Real Exam

Community

RRitesh

Last updated: December 2, 2025 at 18:03

AWS Firewall Manager

0.0%

AWS Shield

66.7%

Amazon GuardDuty

33.3%

Amazon Inspector