AWS Certified Solutions Architect Associate SAA-C03 Practice Question

AWS Shield provides managed Distributed Denial of Service (DDoS) protection for applications running on Amazon's cloud platform. It safeguards against volumetric attacks that can overwhelm network resources and cause service disruptions. AWS Shield is automatically enabled for all customers and protects against the most common network and transport layer DDoS attacks. In contrast, AWS WAF (Web Application Firewall) protects applications from common web exploits and vulnerabilities such as SQL injection and cross-site scripting but is not specifically designed to handle large-scale DDoS attacks. Amazon GuardDuty is a threat intelligence service that continuously monitors traffic for malicious activity and unauthorized behavior but does not provide direct protection against DDoS attacks. AWS Config helps with resource configuration management and compliance but does not protect against external threats.