AWS DDoS Protection
Question
A growing food delivery start-up intends to implement DDoS protection for its applications on AWS.
Which fully managed service offering from AWS ensures customers protection from DDoS attack?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
Option A is CORRECT.
AWS Shield is a fully managed service from AWS that ensures protection from DDoS attacks.
Option B is INCORRECT.
AWS WAF helps us protect web applications and APIs against attacks by configuring various rules and conditions (like allow, block etc., based on defined conditions).
Option C is INCORRECT.
AWS Firewall Manager enables management and configuration of firewall across AWS accounts and applications centrally.
Option D is INCORRECT.
Amazon GuardDuty performs continuous monitoring to protect AWS account, S3 data and workloads from any malicious, unauthorized activities.
https://aws.amazon.com/shield/ https://aws.amazon.com/waf/ https://aws.amazon.com/firewall-manager/ https://aws.amazon.com/guardduty/The correct answer to the question is A. AWS Shield.
Explanation: AWS Shield is a fully managed service offered by Amazon Web Services (AWS) that provides customers with protection from Distributed Denial of Service (DDoS) attacks. DDoS attacks are cyber-attacks that aim to disrupt the normal traffic of a website, application or network by overwhelming them with a large amount of traffic from multiple sources.
AWS Shield offers two tiers of protection:
Standard tier: It provides automatic DDoS mitigation for all AWS customers at no extra charge. This protection is applied to all Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing, Amazon CloudFront, AWS Global Accelerator, AWS Route 53, and Amazon Virtual Private Cloud (VPC) resources.
Advanced tier: It offers additional protection beyond the standard tier for customers who have higher requirements for availability and protection against attacks. It provides access to 24/7 support and protection against more sophisticated attacks, such as Network and Transport Layer attacks.
AWS Shield is easy to use and can be enabled for any AWS resource with just a few clicks in the AWS Management Console or through the AWS Shield API. With AWS Shield, customers can protect their applications and workloads against DDoS attacks without any upfront costs or long-term commitments.
AWS WAF (Web Application Firewall) is another AWS service that can be used to protect against DDoS attacks. However, it is primarily used for protecting web applications from common web exploits and vulnerabilities such as SQL injection and cross-site scripting (XSS).
AWS Firewall Manager is a service that allows customers to centrally configure and manage firewall rules across multiple AWS accounts and resources. It is not designed specifically for DDoS protection.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts and workloads. It is not a DDoS protection service.
Therefore, the correct answer to the question is A. AWS Shield.
