AWS Certified Cloud Practitioner — Question 299
A company wants to protect resources that the company hosts on AWS, including Application Load Balancers and Amazon CloudFront distributions. The company wants an AWS service that can provide near real-time visibility into attacks on the company's resources. The service must also have a dedicated AWS team to assist with distributed denial of service (DDoS) attacks.
Which AWS service will meet these requirements?
Answer options
- A. AWS WAF
- B. AWS Shield Standard
- C. Amazon Macie
- D. AWS Shield Advanced
Correct answer: D
Explanation
AWS Shield Advanced offers comprehensive protection against DDoS attacks, including 24/7 access to the AWS Shield Response Team (SRT) and near real-time visibility into attacks on protected resources like Application Load Balancers and CloudFront. AWS Shield Standard provides automatic, basic protection but lacks the dedicated support team and advanced reporting. AWS WAF is a web application firewall for application-layer filtering, and Amazon Macie is used for discovering and protecting sensitive data in Amazon S3.