AWS Certified Security – Specialty — Question 407
A company is using Amazon Macie, AWS Firewall Manager, Amazon Inspector, and AWS Shield Advanced in its AWS account. The company wants to receive alerts if a DDoS attack occurs against the account.
Which solution will meet this requirement?
Answer options
- A. Use Macie to detect an active DDoS event. Create Amazon CloudWatch alarms that respond to Macie findings.
- B. Use Amazon Inspector to review resources and to invoke Amazon CloudWatch alarms for any resources that are vulnerable to DDoS attacks.
- C. Create an Amazon CloudWatch alarm that monitors Firewall Manager metrics for an active DDoS event.
- D. Create an Amazon CloudWatch alarm that monitors Shield Advanced metrics for an active DDoS event.
Correct answer: D
Explanation
AWS Shield Advanced continuously monitors traffic to the resources it protects and publishes DDoS metrics to Amazon CloudWatch in the AWS/DDoSProtection namespace, one series per protected resource (dimension ResourceArn). The DDoSDetected metric is non-zero while an event is in progress, and DDoSAttackBitsPerSecond, DDoSAttackPacketsPerSecond and DDoSAttackRequestsPerSecond describe its volume, so a CloudWatch alarm on these metrics gives near-real-time notification of an attack. Amazon Macie discovers sensitive data in Amazon S3 and Amazon Inspector scans workloads for software vulnerabilities and unintended network exposure; neither detects an active network attack, and Inspector has no notion of "resources vulnerable to DDoS". AWS Firewall Manager centrally applies AWS WAF, Shield Advanced and security group policies across accounts, but it publishes no DDoS-event metrics of its own; the event data comes from Shield Advanced. Two practical caveats: the metrics exist only for resources with a Shield Advanced protection (Shield Standard publishes nothing), and for global resources such as CloudFront distributions, Route 53 hosted zones and Global Accelerator accelerators they are published in us-east-1, so the alarm must be created there.
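As an added illustration of the correct answer (example code, not part of the exam page or any AWS sample), the block below builds the PutMetricAlarm request for the Shield Advanced DDoSDetected metric and replays constructed per-minute datapoints through the same alarm rule to show when it would enter ALARM. The resource ARN, SNS topic ARN, and the RecordingClient stand-in for a boto3 CloudWatch client are assumptions for the example; the alarm settings (Sum over 60 s, one evaluation period, threshold 1, missing data treated as not breaching) are one reasonable choice, not the only one.

```python
"""Added example: alarm on Shield Advanced's DDoSDetected metric.

Not from the exam page. ARNs below are placeholders; RecordingClient stands in
for a boto3 CloudWatch client so the script runs offline.
"""
import json
from typing import Any, Optional

# Shield Advanced publishes metrics in this namespace, one series per
# protected resource, keyed by the ResourceArn dimension.
NAMESPACE = "AWS/DDoSProtection"
METRIC = "DDoSDetected"  # non-zero while a DDoS event is in progress, else 0

# Placeholder ARNs (assumptions for this example).
PROTECTED_RESOURCE_ARN = (
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:"
    "loadbalancer/app/web/0123456789abcdef"
)
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:ddos-alerts"


def ddos_alarm_definition(resource_arn: str, topic_arn: str) -> dict[str, Any]:
    """Keyword arguments for CloudWatch PutMetricAlarm (boto3 put_metric_alarm)."""
    return {
        "AlarmName": "ShieldAdvanced-DDoSDetected-" + resource_arn.rsplit("/", 1)[-1],
        "AlarmDescription": "Shield Advanced reports an active DDoS event",
        "Namespace": NAMESPACE,
        "MetricName": METRIC,
        "Dimensions": [{"Name": "ResourceArn", "Value": resource_arn}],
        "Statistic": "Sum",
        "Period": 60,                     # metric is emitted at 1-minute resolution
        "EvaluationPeriods": 1,           # alarm on the first breaching minute
        "Threshold": 1.0,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",  # no datapoint means no event, not an alarm
        "AlarmActions": [topic_arn],      # SNS topic that delivers the alert
        "OKActions": [topic_arn],         # and tells the team when the event ends
    }


class RecordingClient:
    """Stand-in for boto3.client('cloudwatch'); records calls instead of sending them."""

    def __init__(self) -> None:
        self.calls: list[dict[str, Any]] = []

    def put_metric_alarm(self, **kwargs: Any) -> None:
        self.calls.append(kwargs)


def create_alarm(cloudwatch_client: Any, resource_arn: str, topic_arn: str) -> dict[str, Any]:
    """Create (or update) the alarm; works with a real boto3 client or RecordingClient."""
    definition = ddos_alarm_definition(resource_arn, topic_arn)
    cloudwatch_client.put_metric_alarm(**definition)
    return definition


def evaluate_alarm(definition: dict[str, Any], datapoints: list[Optional[float]]) -> list[str]:
    """Simplified replay of the alarm rule over per-period Sum values (None = missing).

    Returns the state after each period. CloudWatch's real missing-data handling
    looks back over extra periods; this keeps only the TreatMissingData choice.
    """
    threshold = definition["Threshold"]
    window = definition["EvaluationPeriods"]
    missing_breaches = definition["TreatMissingData"] == "breaching"
    breaching: list[bool] = []
    states: list[str] = []
    for value in datapoints:
        if value is None:
            breaching.append(missing_breaches)
        else:
            # ComparisonOperator is GreaterThanOrEqualToThreshold in this definition.
            breaching.append(value >= threshold)
        recent = breaching[-window:]
        in_alarm = len(recent) == window and all(recent)
        states.append("ALARM" if in_alarm else "OK")
    return states


# Constructed sample: six minutes of DDoSDetected sums, with one missing minute.
SAMPLE_DDOS_DETECTED: list[Optional[float]] = [0, 0, None, 1, 1, 0]

if __name__ == "__main__":
    client = RecordingClient()  # replace with boto3.client("cloudwatch") for real use
    alarm = create_alarm(client, PROTECTED_RESOURCE_ARN, SNS_TOPIC_ARN)
    print(json.dumps(alarm, indent=2))
    print(evaluate_alarm(alarm, SAMPLE_DDOS_DETECTED))
```

With a real client, `create_alarm` must be called in us-east-1 when the protected resource is a CloudFront distribution, Route 53 hosted zone or Global Accelerator accelerator, because Shield Advanced publishes those metrics there; Regional resources such as Application Load Balancers use their own Region.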