A company is preparing a public-facing web application on Amazon EC2 instances in a VPC behind an Elastic Load Balancer (ELB). The company uses a third-party DNS provider. The solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Enable AWS Shield Advanced and assign the ELB to it..
Why this is the answer
AWS Shield Advanced provides enhanced DDoS protection for applications running on AWS, including large-scale attacks. By assigning the Elastic Load Balancer (ELB) to Shield Advanced, all traffic directed to the web application through the ELB will be protected. This service offers always-on detection and automatic inline mitigations. Enabling Amazon GuardDuty provides threat detection for malicious activity and unauthorized behavior but doesn't specifically protect against DDoS attacks. Amazon Inspector assesses EC2 instances for vulnerabilities and deviations from best practices, which is not a DDoS protection service. AWS Shield Standard is enabled by default and offers basic protection, but Shield Advanced is required for comprehensive protection against large-scale and sophisticated DDoS attacks, and it protects specific resources like ELBs, not DNS services like Route 53 directly.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed