
Explanation:
Amazon Route 53 Resolver DNS Firewall is specifically designed to provide DNS-based threat protection. It allows you to filter and block DNS queries for known malicious domains (such as those associated with malware or phishing) and can prevent DNS tunneling/exfiltration. AWS Shield Advanced and AWS WAF operate at different layers (Layer 3/4 and Layer 7 HTTP/HTTPS, respectively) and are not the primary tools for DNS-level query filtering.
Question #45
A company that runs multiple workloads on AWS wants to enhance its security posture by implementing DNS-based threat protection. The company must block DNS-based attacks. Which solution will meet this requirement?
A. Deploy AWS Shield Advanced to filter and block malicious DNS queries. Set up domain filtering policies.
B. Use AWS WAF to inspect DNS traffic for malicious domains. Create custom rules to block known threats.
C. Configure Amazon Route 53 Resolver to forward DNS queries to Route 53 Resolver DNS Firewall Advanced to detect and filter threats.
D. Configure AWS Config to monitor DNS queries and DNS traffic patterns. Use an AWS Lambda function to prevent access to malicious domains.