AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An e-commerce company hosts their web application in EC2 instances behind an Application Load Balancer (ALB). They are concerned about potential attacks from external sources that could overwhelm their application with a flood of traffic, causing service disruptions. As a solutions architect, which service should you recommend to help protect their application from these types of attacks?
AWS Shield provides managed Distributed Denial of Service (DDoS) protection for applications running on Amazon's cloud platform. It safeguards against volumetric attacks that can overwhelm network resources and cause service disruptions. AWS Shield is automatically enabled for all customers and protects against the most common network and transport layer DDoS attacks. In contrast, AWS WAF (Web Application Firewall) protects applications from common web exploits and vulnerabilities such as SQL injection and cross-site scripting but is not specifically designed to handle large-scale DDoS attacks. Amazon GuardDuty is a threat intelligence service that continuously monitors traffic for malicious activity and unauthorized behavior but does not provide direct protection against DDoS attacks. AWS Config helps with resource configuration management and compliance but does not protect against external threats.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of DDoS attacks does AWS Shield protect against?
Open an interactive chat with Bash
How does AWS Shield differ from AWS WAF?
Open an interactive chat with Bash
Is AWS Shield included automatically, or do I need to configure it?