Answer-first summary for fast verification
Answer: Configure Amazon Route 53 Resolver to forward DNS queries to Route 53 Resolver DNS Firewall Advanced to detect and filter threats.
Amazon Route 53 Resolver DNS Firewall is the specific service designed to filter and block DNS-based threats. It allows you to create policies to block DNS queries for known malicious domains. AWS Shield Advanced is for DDoS protection, and AWS WAF is for layer 7 (HTTP/HTTPS) web application firewall protection, neither of which is specifically for DNS filtering.
Author: Ritesh Yadav
Ultimate access to all questions.
Question #45
A company that runs multiple workloads on AWS wants to enhance its security posture by implementing DNS-based threat protection. The company must block DNS-based attacks.
Which solution will meet this requirement?
A
Deploy AWS Shield Advanced to filter and block malicious DNS queries. Set up domain filtering policies.
B
Use AWS WAF to inspect DNS traffic for malicious domains. Create custom rules to block known threats.
C
Configure Amazon Route 53 Resolver to forward DNS queries to Route 53 Resolver DNS Firewall Advanced to detect and filter threats.
D
Configure AWS Config to monitor DNS queries and DNS traffic patterns. Use an AWS Lambda function to prevent access to malicious domains.
No comments yet.