An outsourcing company is working on a government project.
Security is very important to the success of the application.
The application is developed mainly in EC2 with several application load balancers.
CloudFront and Route53 are also configured.
The major concern is that it should be able to be protected against DDoS attacks.
The company decides to activate the AWS Shield Advanced feature.
To this effect, it has hired an external consultant to 'educate' its employees on the same.
For the below options, which ones help the company to understand the AWS Shield Advanced plan? Select 3.
Click on the arrows to vote for the correct answer
A. B. C. D. E. F. G. H.Correct Answer - A, D, E.
AWS Shield has two plans - AWS Shield Standard and AWS Shield Advanced.
AWS Shield Standard:
AWS Shield Standard activates automatically at no additional charge.
AWS Shield Standard defends against the most common, frequently occurring network and transport layer DDoS attacks that target your applications.
AWS Shield Advanced:
For higher levels of protection against attacks.
It has a subscription fee which is $ 3000 per month.
Option A is CORRECT.
Because Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53 are all covered by AWS Shield Advanced.
Option B is incorrect.
Because AWS Shield Advanced has a subscription commitment of 1 year with a base monthly fee of 3000$.
Option C is incorrect.
Because Route 53 is covered by AWS Shield Advanced.
Option D is CORRECT.
Because 24*7 support by the DDoS Response team is a key feature of the advanced plan.
Option E is CORRECT.
Because AWS Shield Advanced integrates with AWS CloudWatch and provides relevant reports.
Option F is incorrect.
Because AWS Shield is not within AWS WAF.
Please note that both of them help protect the AWS resources.
AWS WAF is a web application firewall service, while AWS Shield provides expanded DDoS attack protection for the AWS resources.
Sure, I'd be happy to explain the options and help you understand the AWS Shield Advanced plan in detail.
A. AWS Shield Advanced plan is able to protect application load balancers, CloudFront and Route53 from DDoS attacks. This option is correct. AWS Shield Advanced plan is a managed DDoS protection service that helps protect AWS resources such as EC2 instances, Elastic Load Balancing, CloudFront, and Route 53 from DDoS attacks. So, it's important to understand that the AWS Shield Advanced plan can protect the application load balancers, CloudFront, and Route53 from DDoS attacks.
B. AWS Shield Advanced plan does not have a monthly base charge. The company only needs to pay the data transfer fee. Other than that, AWS WAF includes no additional cost. This option is also correct. AWS Shield Advanced plan does not have a monthly base charge. Instead, it charges based on the data transferred out of your AWS resources to the internet. Moreover, the AWS WAF (Web Application Firewall) is also included at no additional cost with AWS Shield Advanced plan. So, it's important to understand that the AWS Shield Advanced plan charges only for data transfer fees and includes AWS WAF at no additional cost.
C. Route 53 is not covered by AWS Shield Advanced plan. However, Route 53 is able to be protected under AWS WAF. This option is partially correct. While it's true that Route 53 is not covered by the AWS Shield Advanced plan, it can still be protected under AWS WAF. AWS WAF provides protection against web exploits and attacks for the applications that use Amazon Route 53.
D. A dedicated rule in WAF should be customized. This option is not relevant to understanding the AWS Shield Advanced plan. However, it's important to understand that AWS WAF provides a wide range of pre-configured rules that you can use to protect your web applications. You can also create your own custom rules to meet your specific security requirements.
E. 24*7 support by the DDoS Response team. Critical and urgent priority cases can be answered quickly by DDoS experts. Custom mitigations during attacks are also available. This option is correct. AWS Shield Advanced plan provides 24/7 support by the DDoS Response team. In case of critical and urgent priority cases, DDoS experts can answer quickly and custom mitigations during attacks are also available.
F. Real-time notification of attacks is available via Amazon CloudWatch. Historical attack reports are also provided. This option is correct. AWS Shield Advanced plan provides real-time notification of attacks via Amazon CloudWatch. It also provides historical attack reports, which can help you identify patterns and improve your security posture.
G. AWS Shield is a sub-feature within AWS WA. This option is not correct. AWS Shield is a standalone service that provides DDoS protection for AWS resources. AWS WAF is a web application firewall service that provides protection against web exploits and attacks. While AWS Shield Advanced plan includes AWS WAF, it's important to understand that AWS Shield is not a sub-feature within AWS WAF.
H. AWS Shield Advanced can be activated in AWS WAF console, which also provides the near real-time metrics and packet captures for attack forensics. This option is partially correct. While it's true that you can activate AWS Shield Advanced plan in the AWS WAF console, it's important to understand that AWS Shield Advanced plan provides near real-time metrics and packet captures for attack forensics, not AWS WAF. AWS WAF provides web application firewall services, whereas AWS Shield Advanced plan provides DDoS protection services.
In summary, the correct options to help the company understand the AWS Shield Advanced plan are: