AWS Certified SysOps Administrator – Associate (legacy) — Question 853

An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

Answer options

• A. AWS Trusted Advisor
• B. AWS Shield Advanced
• C. Amazon Cognito
• D. Amazon Inspector

Correct answer: B

Explanation

AWS Shield Advanced provides enhanced protection against large-scale and sophisticated DDoS attacks, along with 24/7 access to the AWS Shield Response Team (SRT) to help mitigate downtime. AWS Trusted Advisor offers cost optimization and security recommendations but does not actively block attacks. Amazon Cognito is used for user authentication, and Amazon Inspector is an automated vulnerability assessment service, neither of which protects against DDoS attacks.