AWS Certified Cloud Practitioner — Question 842

A company wants high levels of detection and near-real-time (NRT) mitigation against large and sophisticated distributed denial of service (DDoS) attacks on applications running on AWS.

Which AWS service should the company use?

Answer options

• A. Amazon GuardDuty
• B. Amazon Inspector
• C. AWS Shield Advanced
• D. Amazon Macie

Correct answer: C

Explanation

AWS Shield Advanced delivers robust protection and near-real-time (NRT) mitigation against sophisticated DDoS attacks for AWS resources. Amazon GuardDuty is a threat detection service, Amazon Inspector performs vulnerability scanning, and Amazon Macie discovers and protects sensitive data, making them unsuitable for active DDoS mitigation.