AWS Certified Security – Specialty (SCS-C02) — Question 12
A company is using Amazon Macie, AWS Firewall Manager, Amazon Inspector, and AWS Shield Advanced in its AWS account. The company wants to receive alerts if a DDoS attack occurs against the account.
Which solution will meet this requirement?
Answer options
- A. Use Macie to detect an active DDoS event. Create Amazon CloudWatch alarms that respond to Macie findings.
- B. Use Amazon Inspector to review resources and to invoke Amazon CloudWatch alarms for any resources that are vulnerable to DDoS attacks.
- C. Create an Amazon CloudWatch alarm that monitors Firewall Manager metrics for an active DDoS event.
- D. Create an Amazon CloudWatch alarm that monitors Shield Advanced metrics for an active DDoS event.
Correct answer: D
Explanation
The correct answer is D because AWS Shield Advanced is specifically designed to provide protection against DDoS attacks and can send alerts via CloudWatch. Options A and B are incorrect because they do not focus on DDoS detection, while option C monitors Firewall Manager metrics, which may not directly indicate a DDoS event.