Answer: Enable AWS Shield Advanced to prevent attacks.

## Explanation **Correct Answer: C - Enable AWS Shield Advanced to prevent attacks.** **Why this is correct:** 1. **AWS Shield Advanced** is specifically designed to protect against DDoS (Distributed Denial of Service) attacks. It provides enhanced protection for web applications running on AWS. 2. **Key features of AWS Shield Advanced:** - Always-on detection and automatic inline mitigations - Protection against layer 3/4 (infrastructure) and layer 7 (application) DDoS attacks - Integration with Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing (including ALB) - 24/7 access to the AWS DDoS Response Team (DRT) - Cost protection for scaling during DDoS attacks **Why the other options are incorrect:** **A. Add an Amazon Inspector agent to the ALB.** - Amazon Inspector is for vulnerability assessment and security compliance, not DDoS protection - Inspector agents are installed on EC2 instances, not on ALBs **B. Configure Amazon Macie to prevent attacks.** - Amazon Macie is for data security and discovering sensitive data using machine learning - It helps identify PII, financial data, etc., but doesn't protect against DDoS attacks **D. Configure Amazon GuardDuty to monitor the ALB.** - Amazon GuardDuty is a threat detection service that monitors for malicious activity - While it can detect some DDoS-related anomalies, it's primarily for monitoring and detection, not prevention - Shield Advanced provides active protection and mitigation **Additional context:** - AWS Shield comes in two tiers: **Standard** (free, automatic for all AWS customers) and **Advanced** (paid, with enhanced features) - For a public web application with an ALB, Shield Advanced provides comprehensive DDoS protection - The solutions architect should also consider implementing AWS WAF (Web Application Firewall) for additional layer 7 protection

Author: LeetQuiz Editorial Team