AWS Certified Solutions Architect – Associate (SAA-C02) — Question 558

A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.
What should the solutions architect do to meet this requirement?

Answer options

• A. Add an Amazon Inspector agent to the ALB
• B. Configure Amazon Macie to prevent attacks
• C. Enable AWS Shield Advanced to prevent attacks
• D. Configure Amazon GuardDuty to monitor the ALB

Correct answer: C

Explanation

AWS Shield Advanced provides comprehensive DDoS protection and mitigation for AWS resources, including Application Load Balancers (ALBs). Amazon Inspector is designed for vulnerability scanning, Amazon Macie is used for discovering sensitive data in S3, and Amazon GuardDuty is a threat detection service; none of these services actively prevent or mitigate DDoS attacks.