AWS Certified Solutions Architect – Associate (SAA-C03) — Question 162

A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.

What should the solutions architect do to meet this requirement?

Answer options

• A. Add an Amazon Inspector agent to the ALB.
• B. Configure Amazon Macie to prevent attacks.
• C. Enable AWS Shield Advanced to prevent attacks.
• D. Configure Amazon GuardDuty to monitor the ALB.

Correct answer: C

Explanation

The correct answer is C, enabling AWS Shield Advanced provides advanced DDoS protection specifically designed to safeguard applications running on AWS. The other options do not directly address DDoS mitigation; Amazon Inspector focuses on security assessments, Amazon Macie is for data protection, and Amazon GuardDuty is for threat detection rather than attack prevention.