AWS Shield Advanced - Expanding DDoS Attack Protection

AWS Shield Advanced Resource Types

Question

Your company has deployed applications in AWS.

Recently your company's services have been hit by a massive DDoS attack, which resulted in huge financial loss.

You have a plan to enable AWS Shield Advanced in the AWS environment.

Which of the following resource types can help to expand the DDoS attack protection? (Select TWO.)

Answers

Explanations


A. B. C. D. E.

Correct Answers: B and E.

Options B and E are CORRECT because AWS Shield Advanced provides a higher level of protection against DDoS attacks for the following resource types:

Amazon CloudFront distributions.

Amazon Route 53 hosted zones.

AWS Global Accelerator accelerators.

Application load balancers.

Elastic Load Balancing (ELB) load balancers.

Amazon Elastic Compute Cloud (Amazon EC2) Elastic IP addresses.

Options A, C and D are incorrect because these services are not among the resource types that AWS Shield Advanced can further protect.

Reference:

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

In this scenario, the company has experienced a massive DDoS attack that resulted in significant financial loss. To mitigate such attacks, the company plans to enable AWS Shield Advanced in their AWS environment. AWS Shield Advanced provides enhanced DDoS protection and defense against sophisticated and large-scale attacks.

To expand DDoS attack protection, the following two resource types can be helpful:

  1. Amazon CloudFront Distributions: CloudFront is a content delivery network (CDN) that delivers content to end users with low latency and high transfer speeds. CloudFront can help in DDoS protection by absorbing attacks at its edge locations and minimizing the impact on the origin. CloudFront provides several security features, including SSL/TLS termination, access control, and geo-blocking. Additionally, AWS Shield Advanced is automatically included with CloudFront distributions, providing further DDoS protection.

  2. Amazon Route 53 Hosted Zones: Amazon Route 53 is a highly scalable and available Domain Name System (DNS) service. It can help in DDoS protection by routing traffic to healthy endpoints, detecting and blocking malicious traffic, and absorbing attacks using anycast routing. Route 53 provides several security features, including DNSSEC, health checks, and traffic policies. AWS Shield Advanced is also automatically included with Route 53, providing additional DDoS protection.

Therefore, the correct answers are B (Amazon CloudFront distributions) and E (Amazon Route 53 hosted zones).