A city runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). Users report sporadic performance issues that appear related to DDoS attacks from random IP addresses. The city wants a solution that requires minimal configuration changes and provides an audit trail for the DDoS sources. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Subscribe to AWS Shield Advanced. Engage the AWS DDoS Response Team (DRT) to integrate mitigating controls into the service..
Why this is the answer
AWS Shield Advanced is the correct solution because it provides comprehensive DDoS protection for applications, including proactive detection and mitigation of large and sophisticated attacks. It also offers 24/7 access to the AWS DDoS Response Team (DRT), who can integrate mitigating controls and provide an audit trail of attack details. This meets the requirement for minimal configuration changes as Shield Advanced integrates directly with existing AWS resources like ALBs. Enabling an AWS WAF web ACL on the ALB alone is insufficient for sophisticated DDoS attacks as WAF primarily protects against common web exploits and can be overwhelmed by high-volume attacks. Subscribing to Amazon Inspector is incorrect because Inspector is a security assessment service that identifies vulnerabilities, not a DDoS protection service. Creating a CloudFront distribution with WAF is a good practice for web
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed