AIncorrect
Amazon GuardDuty
GuardDuty is a service that analyzes logs to detect suspicious activity and threats.
Its role is threat detection, not dedicated DDoS attack mitigation, so this is incorrect.
Which AWS service is specifically designed to protect applications on AWS from DDoS attacks that flood the service with large volumes of requests and cause it to stop responding?
1 / 1
Select an answer
CorrectB
Explanation
A question asking to identify the service dedicated to DDoS attack protection.
- 1「DDoS attacks」An attack that floods a service with traffic to make it stop responding
- 2「cause it to stop responding」An attack targeting availability; a dedicated service is effective for mitigation
- 3「specifically designed to protect」Dedicated to DDoS mitigation = Shield
BCorrect
AWS Shield
This is correct. AWS Shield is a service specifically designed for protection against DDoS attacks. Shield Standard is automatically applied to all customers at no extra cost, and Shield Advanced provides more advanced protection and response support as a paid offering. It mitigates service disruption caused by large volumes of requests.
CIncorrect
AWS KMS
KMS is a service for managing encryption keys.
Its role is data encryption, which is unrelated to DDoS mitigation, so this is incorrect.
DIncorrect
Amazon Inspector
Inspector is a service that automatically scans EC2 instances and container images for vulnerabilities.
Vulnerability assessment is its role, and it is not dedicated to DDoS mitigation, so this is incorrect.
Key Takeaway
'DDoS' points to AWS Shield (Standard = automatic and free / Advanced = paid). Differentiate: web-application-layer attacks (SQLi/XSS) = WAF; threat detection = GuardDuty; vulnerability scanning = Inspector.