AWS Certified Cloud Practitioner (CLF-C02) — Question 710
A company's cloud environment includes Amazon EC2 instances and Application Load Balancers. The company wants to improve protections for its cloud resources against DDoS attacks. The company also wants to have real-time visibility into any DDoS attacks.
Which AWS service will meet these requirements?
Answer options
- A. AWS Shield Standard
- B. AWS Firewall Manager
- C. AWS Shield Advanced
- D. Amazon GuardDuty
Correct answer: C
Explanation
AWS Shield Advanced provides comprehensive protection against sophisticated DDoS attacks for resources like Amazon EC2 and Application Load Balancers, including real-time visibility and diagnostics. In contrast, AWS Shield Standard only offers basic, automatic protection without the detailed real-time reporting. AWS Firewall Manager and Amazon GuardDuty are designed for security policy management and threat detection, respectively, rather than specialized real-time DDoS mitigation and visibility.