AWS Certified Cloud Practitioner Exam - Protecting Against DDoS Attacks

Protecting Against DDoS Attacks

Question

Which of the following can be used to protect against DDoS attacks? Choose 2 answers from the options given below.

Answers

A. B. C. D.

Answer - C and D.

The AWS Documentation mentions the following:

AWS Shield - All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge.

AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications.

AWS Shield Advanced - For higher levels of protection against attacks targeting your web applications running on Amazon EC2, Elastic Load Balancing (ELB), CloudFront, and Route 53 resources, you can subscribe to AWS Shield Advanced.

AWS Shield Advanced provides expanded DDoS attack protection for these resources.

For more information on AWS Shield, refer to the following URL:

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

The correct answers are C. AWS Shield and D. AWS Shield Advanced.

Explanation:

DDoS (Distributed Denial of Service) is a type of cyber-attack where multiple compromised systems (or bots) are used to flood a network or a server with excessive traffic, thereby disrupting normal service. DDoS attacks are becoming more common, and they can cause significant damage to a business's reputation and financial stability. Therefore, it's essential to have protection against such attacks.

AWS Shield is a managed DDoS protection service offered by Amazon Web Services (AWS) that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency caused by DDoS attacks. AWS Shield provides protection against several types of DDoS attacks, including network and application-layer attacks.

AWS Shield Advanced is an additional service that offers more comprehensive DDoS protection than AWS Shield. It provides enhanced detection and mitigation capabilities, including 24/7 access to the AWS DDoS Response Team (DRT) for advanced attack mitigation support, real-time visibility and attack analytics, and cost protection against usage spikes caused by DDoS attacks.

AWS EC2 (Elastic Compute Cloud) is a web service that provides scalable computing capacity in the cloud. Although EC2 instances can be used to host web applications, they do not provide DDoS protection by default.

AWS RDS (Relational Database Service) is a web service that provides managed database instances in the cloud. Like EC2, RDS instances can be used to host web applications, but they do not provide DDoS protection by default.

In conclusion, to protect against DDoS attacks on web applications running on AWS, AWS Shield and AWS Shield Advanced are the recommended services to use.