AWS Certified Cloud Practitioner — Question 714
A company is running its application in the AWS Cloud and wants to protect against a DDoS attack. The company’s security team wants near real-time visibility into DDoS attacks.
Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?
Answer options
- A. AWS Shield Advanced
- B. AWS Shield
- C. Amazon GuardDuty
- D. Network ACLs
Correct answer: A
Explanation
AWS Shield Advanced is the correct choice because it provides comprehensive DDoS protection along with near real-time visibility, detailed diagnostics, and access to the AWS Shield Response Team (SRT). While AWS Shield Standard offers baseline protection, it does not include near real-time visibility or advanced mitigation features. Amazon GuardDuty and Network ACLs lack the dedicated, automated DDoS defense and real-time reporting capabilities required here.