AWS Certified Cloud Practitioner (CLF-C02) — Question 594

A company is building a web application using AWS.

Which AWS service will help prevent network layer DDoS attacks against the web application?

Answer options

• A. AWS WAF
• B. AWS Firewall Manager
• C. Amazon GuardDuty
• D. AWS Shield

Correct answer: D

Explanation

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS, specifically protecting against network and transport layer (Layer 3 and 4) attacks. AWS WAF operates at the application layer (Layer 7) rather than the network layer, while AWS Firewall Manager is a security management service used to configure firewall rules across accounts. Amazon GuardDuty is a threat detection service that monitors for malicious activity but does not actively mitigate DDoS attacks.