Question #942
A web application hosted on AWS is under significant DDoS attacks, causing severe downtime. Which AWS service is specifically designed to mitigate such attacks while maintaining availability?
AWS Config
AWS Direct Connect
AWS Shield
Amazon Inspector
Explanation
AWS Shield is the correct answer because it is a managed DDoS protection service that safeguards applications running on AWS. Shield Standard is automatically included at no extra cost and defends against common network-layer attacks. Shield Advanced offers enhanced protection for sophisticated attacks, including 24/7 access to the AWS DDoS Response Team and integration with services like Amazon CloudFront and Route 53.
Other options are incorrect:
- AWS Config (A) tracks resource configuration changes but does not mitigate attacks.
- AWS Direct Connect (B) establishes private network connections but does not protect against DDoS.
- Amazon Inspector (D) assesses security vulnerabilities but does not handle real-time DDoS mitigation.
Key Point: AWS Shield is purpose-built for DDoS mitigation, ensuring application availability during attacks.
Answer
The correct answer is: C