
Answer-first summary for fast verification
Answer: Enable AWS Shield Advanced and assign the ELB to it.
## Explanation

**Correct Answer: D - Enable AWS Shield Advanced and assign the ELB to it.**

**Why this is correct:**

1. **AWS Shield Advanced** is specifically designed to provide enhanced DDoS protection for web applications running on AWS. It offers:
   - Advanced DDoS detection and mitigation
   - 24/7 access to the AWS DDoS Response Team (DRT)
   - Cost protection for scaling during DDoS attacks
   - Integration with AWS WAF for application layer protection
2. **Assigning the ELB to Shield Advanced** is the correct approach because:
   - The Elastic Load Balancer is the entry point for traffic to the web application
   - Shield Advanced can protect AWS resources like ELB, Amazon CloudFront, and Amazon Route 53
   - Since the company uses a third-party DNS service, they cannot use Route 53-based protection

**Why other options are incorrect:**

**A. Amazon GuardDuty** - This is a threat detection service that uses machine learning to identify malicious activity and unauthorized behavior, but it's not specifically designed for DDoS protection.

**B. Amazon Inspector** - This is an automated security assessment service that helps improve security and compliance of applications deployed on AWS, but it doesn't provide DDoS protection.

**C. AWS Shield and assign Amazon Route 53 to it** - AWS Shield Standard provides automatic protection for all AWS customers at no additional cost, but:

- It only protects AWS resources (not third-party DNS)
- The company uses a third-party DNS service, so they cannot assign Route 53 to it
- AWS Shield Standard doesn't provide the advanced DDoS protection features needed for large-scale attacks

**Key Takeaways:**

- For public-facing web applications requiring protection against large-scale DDoS attacks, AWS Shield Advanced is the appropriate service
- Shield Advanced can protect AWS resources like ELB, CloudFront, and Route 53
- When using third-party DNS, you cannot leverage Route 53's DDoS protection capabilities
- Shield Advanced provides comprehensive DDoS protection with dedicated support and cost protection

Author: LeetQuiz Editorial Team
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks. Which solution meets these requirements?
A. Enable Amazon GuardDuty on the account.
B. Enable Amazon Inspector on the EC2 instances.
C. Enable AWS Shield and assign Amazon Route 53 to it.
D. Enable AWS Shield Advanced and assign the ELB to it.