New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAA-C03 Exam - Topic 2 Question 47 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 47
Topic #: 2
[All SAA-C03 Questions]

A company is building an application in the AWS Cloud. The application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 for the DNS.

The company needs a managed solution with proactive engagement to detect against DDoS attacks.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: D

AWS Shield Advanced is designed to provide enhanced protection against DDoS attacks with proactive engagement and response capabilities, making it the best solution for this scenario.

AWS Shield Advanced: This service provides advanced protection against DDoS attacks. It includes detailed attack diagnostics, 24/7 access to the AWS DDoS Response Team (DRT), and financial protection against DDoS-related scaling charges. Shield Advanced also integrates with Route 53 and the Application Load Balancer (ALB) to ensure comprehensive protection for your web applications.

Route 53 and ALB Protection: By adding your Route 53 hosted zones and ALB resources to AWS Shield Advanced, you ensure that these components are covered under the enhanced protection plan. Shield Advanced actively monitors traffic and provides real-time attack mitigation, minimizing the impact of DDoS attacks on your application.

Why Not Other Options?:

Option A (AWS Config): AWS Config is a configuration management service and does not provide DDoS protection or detection capabilities.

Option B (AWS WAF): While AWS WAF can help mitigate some types of attacks, it does not provide the comprehensive DDoS protection and proactive engagement offered by Shield Advanced.

Option C (GuardDuty): GuardDuty is a threat detection service that identifies potentially malicious activity within your AWS environment, but it is not specifically designed to provide DDoS protection.

AWS Reference:

AWS Shield Advanced - Overview of AWS Shield Advanced and its DDoS protection capabilities.

Integrating AWS Shield Advanced with Route 53 and ALB - Detailed guidance on how to protect Route 53 and ALB with AWS Shield Advanced.


by Salome at Sep 17, 2024, 11:12 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Edna
3 months ago
B is good too, but D is more comprehensive.
upvoted 0 times
...
Carlota
3 months ago
Wait, can AWS Shield really handle large-scale attacks?
upvoted 0 times
...
Belen
3 months ago
A won't cut it for DDoS, that's for sure.
upvoted 0 times
...
Bronwyn
4 months ago
Definitely agree with D! Shield Advanced is solid.
upvoted 0 times
...
Deeanna
4 months ago
I think D is the best choice for DDoS protection.
upvoted 0 times
...
Gussie
4 months ago
I vaguely recall that AWS Config is more for compliance and monitoring rather than active DDoS protection. I don't think option A is the right answer.
upvoted 0 times
...
Chara
4 months ago
I practiced a similar question about DDoS protection, and I feel like AWS Shield Advanced was mentioned as a managed solution. That makes me lean towards option D.
upvoted 0 times
...
Susy
4 months ago
I’m not entirely sure, but I think AWS WAF is more about web application security rather than specifically DDoS attacks. Could it still be a valid option?
upvoted 0 times
...
Britt
5 months ago
I remember studying AWS Shield, and I think it’s specifically designed for DDoS protection. So, option D might be the right choice.
upvoted 0 times
...
Alida
5 months ago
I've got this! AWS Shield Advanced is the obvious choice here. It provides the managed DDoS protection the company is looking for, and it integrates directly with Route 53 and the ALB. Easy peasy.
upvoted 0 times
...
Merilyn
5 months ago
Hmm, I'm a bit unsure about this one. There are a few AWS security services mentioned, and I'll need to make sure I understand the differences between them to pick the right solution.
upvoted 0 times
...
Pauline
5 months ago
This looks like a straightforward AWS security question. I'll carefully read through the options and think about the key requirements - a managed solution with proactive DDoS detection.
upvoted 0 times
...
Brandee
5 months ago
Okay, let's see. The company needs a managed solution, so that rules out some of the more manual options. And they want proactive DDoS detection, so I think I'll focus on the AWS services that specialize in that.
upvoted 0 times
...
Mirta
5 months ago
This question requires a good understanding of capital expenditures and tax implications. I'll need to work through it methodically.
upvoted 0 times
...
Tawanna
1 year ago
Option D is the way to go, no doubt. It's like having a bodyguard for your AWS resources - you can just sit back and let Shield Advanced do its thing.
upvoted 0 times
Kanisha
1 year ago
B) Enable AWS WAF on the ALB Create an AWS WAF web ACL with rules to detect and prevent DDoS attacks. Associate the web ACL with the ALB.
upvoted 0 times
...
Mitzie
1 year ago
I agree, AWS Shield Advanced is a great solution for proactive DDoS protection.
upvoted 0 times
...
Rima
1 year ago
D) Subscribe to AWS Shield Advanced. Configure hosted zones in Route 53 Add ALB resources as protected resources.
upvoted 0 times
...
...
Goldie
1 year ago
Option D is the clear winner here. AWS Shield Advanced is like a superhero for your infrastructure, and it takes all the headache out of DDoS protection.
upvoted 0 times
Breana
1 year ago
AWS Shield Advanced sounds like the perfect fit for this company's needs. It offers proactive engagement and peace of mind.
upvoted 0 times
...
Annelle
1 year ago
I agree, AWS Shield Advanced is a comprehensive solution for DDoS protection. It's a no-brainer choice for this scenario.
upvoted 0 times
...
Pamella
1 year ago
Option D is definitely the way to go. AWS Shield Advanced provides top-notch protection against DDoS attacks.
upvoted 0 times
...
...
Rosalind
1 year ago
Has anyone considered Option B? Setting up a custom AWS WAF web ACL could give us more control over the DDoS detection and prevention rules.
upvoted 0 times
...
Krissy
1 year ago
I'd go with Option C. GuardDuty is a powerful tool, and combining it with S3 logging sounds like a cost-effective way to detect and respond to DDoS threats.
upvoted 0 times
Sherly
1 year ago
True, but GuardDuty with S3 logging might be more cost-effective.
upvoted 0 times
...
Viola
1 year ago
I think AWS Shield Advanced could also be a strong option for DDoS protection.
upvoted 0 times
...
Maia
1 year ago
I agree, combining it with S3 logging seems like a smart move.
upvoted 0 times
...
Mirta
1 year ago
Option C sounds like a good choice. GuardDuty is really effective.
upvoted 0 times
...
...
Kyoko
1 year ago
Option D definitely gets my vote. Why mess with the rest when you can have the best protection from AWS Shield Advanced?
upvoted 0 times
Jamey
1 year ago
Definitely, it's better to go with the advanced protection offered by AWS Shield.
upvoted 0 times
...
Taryn
1 year ago
I agree, AWS Shield Advanced seems like the most comprehensive solution for DDoS protection.
upvoted 0 times
...
Janine
1 year ago
D) Subscribe to AWS Shield Advanced. Configure hosted zones in Route 53 Add ALB resources as protected resources.
upvoted 0 times
...
...
Muriel
1 year ago
That's a good point, Ashton. AWS WAF does offer strong protection. It's a tough decision between options B and D.
upvoted 0 times
...
Ashton
1 year ago
I disagree, I believe option B is the way to go. AWS WAF can help detect and prevent DDoS attacks effectively.
upvoted 0 times
...
Muriel
1 year ago
I think option D is the best choice. AWS Shield Advanced provides proactive DDoS protection.
upvoted 0 times
...

Save Cancel