AWS Certified Cloud Practitioner (CLF-C02) — Question 189

Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations?

Answer options

• A. Amazon Inspector
• B. AWS Web Application Firewall (AWS WAF)
• C. Elastic Load Balancing (ELB)
• D. AWS Shield

Correct answer: D

Explanation

AWS Shield is specifically designed to safeguard applications from distributed denial of service (DDoS) attacks, offering ongoing detection and automatic mitigation. In contrast, Amazon Inspector is focused on vulnerability assessments, AWS WAF is used for filtering web traffic, and Elastic Load Balancing helps distribute traffic but does not provide DDoS protection.