AWS Certified Security – Specialty (SCS-C02) — Question 260

An ecommerce website was down for 1 hour following a DDoS attack. Users were unable to connect to the website during the attack period. The ecommerce company’s security team is worried about future potential attacks and wants to prepare for such events. The company needs to minimize downtime in its response to similar attacks in the future.

Which steps would help achieve this? (Choose two.)

Answer options

• A. Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.
• B. Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack.
• C. Use VPC Flow Logs to monitor network traffic and an AWS Lambda function to automatically block an attacker’s IP using security groups.
• D. Set up an Amazon EventBridge rule to monitor the AWS CloudTrail events in real time, use AWS Config rules to audit the configuration, and use AWS Systems Manager for remediation.
• E. Use AWS WAF to create rules to respond to such attacks.

Correct answer: B, E

Explanation

Option B is correct as subscribing to AWS Shield Advanced provides enhanced DDoS protection and access to AWS Support during attacks, which is crucial for minimizing downtime. Option E is also correct because AWS WAF allows for the creation of custom rules to filter malicious traffic. The other options, while useful for security monitoring and response, do not directly address the immediate need to minimize downtime during DDoS attacks.