AWS DDoS Protection | Best Service for Mitigating Global Attacks

AWS DDoS Protection

Question

Which AWS service is best suited to work on its own to help mitigate a large-scale global DDoS attack?

Answers

Explanations

A. B. C. D.

Answer - B.

The AWS documentation mentions the following.

Amazon CloudFront distributes traffic across multiple Points of Presence (PoP) locations and filters requests to ensure that only valid HTTP(S) requests will be forwarded to backend hosts.

CloudFront also supports geo restriction, also known as geoblocking, which can be useful for isolating attacks originating from a particular geographic location.

For more information on DDoS attack mitigation, please refer to the link below:

https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/

Among the given options, the best-suited AWS service to help mitigate a large-scale global DDoS attack on its own is AWS CloudFront.

AWS CloudFront is a Content Delivery Network (CDN) service offered by Amazon Web Services. It can distribute content to multiple edge locations, making it an ideal service for handling large-scale global DDoS attacks.

A DDoS (Distributed Denial of Service) attack can cause network outages by overwhelming a server with a massive amount of traffic. AWS CloudFront can distribute this traffic across multiple edge locations, which makes it easier to manage and prevents the attack from overwhelming a single server or data center.

AWS CloudFront works with services like AWS Shield and AWS WAF (Web Application Firewall) to protect against DDoS attacks. AWS Shield is a managed DDoS protection service that provides protection against network and transport layer attacks. AWS WAF is a web application firewall that can provide additional protection against application-layer attacks.

On the other hand, AWS Elastic Load Balancer (ELB) is a service that distributes incoming traffic across multiple servers or instances. It can help mitigate DDoS attacks, but it works in conjunction with other AWS services like AWS Shield and AWS WAF.

AWS Simple Queue Service (SQS) is a fully-managed message queuing service that enables decoupling and scaling microservices, distributed systems, and serverless applications. It is not designed to mitigate DDoS attacks.

AWS Elastic Compute Cloud (EC2) is a scalable cloud computing service that provides virtual servers or instances to run applications. While EC2 instances can be used to manage traffic during a DDoS attack, EC2 is not designed specifically for DDoS mitigation.

Therefore, among the given options, AWS CloudFront is the best-suited service to work on its own to help mitigate a large-scale global DDoS attack.