A company runs a self-managed DNS solution on AWS that consists of Amazon EC2 instances in different AWS Regions and endpoints of a standard accelerator in AWS Global Accelerator. The company wants to protect this solution against DDoS attacks. What should a solutions architect do to meet this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Subscribe to AWS Shield Advanced. Add the accelerator as a resource to protect..
Why this is the answer
AWS Shield Advanced provides enhanced DDoS protection for applications running on AWS. By subscribing to Shield Advanced and protecting the AWS Global Accelerator accelerator, the entire solution, including the EC2 instances behind it, benefits from comprehensive DDoS mitigation at the network edge. Global Accelerator is a suitable resource to protect with Shield Advanced because it is a global service that sits in front of your application endpoints, making it an ideal first line of defense against DDoS attacks. Protecting only the EC2 instances with Shield Advanced would be less effective as DDoS attacks often target the public-facing entry points, which in this case is Global Accelerator. AWS WAF is designed for layer 7 (application layer) attacks and is not the primary service for mitigating large-scale volumetric DDoS attacks that Shield Advanced handles. While WAF can complement Shield Advanced, it's not the standalone solution for comprehensive DDoS protection described in the question.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed