AWS Certified Solutions Architect – Associate (SAA-C03) — Question 43

A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.
Which solution meets these requirements?

Answer options

• A. Enable Amazon GuardDuty on the account.
• B. Enable Amazon Inspector on the EC2 instances.
• C. Enable AWS Shield and assign Amazon Route 53 to it.
• D. Enable AWS Shield Advanced and assign the ELB to it.

Correct answer: D

Explanation

The correct answer is D because AWS Shield Advanced provides enhanced DDoS protection specifically for AWS resources such as Elastic Load Balancers. Options A and B do not specifically address DDoS attack protection, while option C lacks the advanced features necessary for large-scale attacks since it only includes AWS Shield without the advanced tier.