Minor answer quibble
-
A company recently patched a vulnerability in its web application hosted on AWS. The solutions architect was tasked to improve the security of the company’s AWS resources as well as secure the web applications from common web vulnerabilities and cyber attacks. One example is a Distributed Denial of Service attack (DDoS) in which there is numerous incoming traffic coming from many different locations that simultaneously target the company web application and floods the network with bogus requests.
Which of the following options are recommended strategies for reducing DDoS attack surface and minimizing the blast radius in the cloud infrastructure? (Select TWO.)
Always add a security group that only allows certain ports and authorized servers and protects your origin servers by putting it behind a CloudFront distribution. Enable AWS Shield Advanced which provides enhanced DDoS attack detection and monitoring for application-layer traffic to your AWS resources.
I think the bolded sentence would read better if “protects” was changed to “protect”. It kind of implies that the security group is responsible for protecting the origin servers by putting them behind a CF Distribution. Very minor issue, I know, and it's obvious what is meant.
-
Hello Sean Carr,
Thank you for your feedback! You are absolutely right. The sentence could indeed be more grammatically accurate if we change “protects” to “protect” to make it clearer that the security group is part of the strategy, rather than implying that it is solely responsible for protecting the origin servers by placing them behind a CloudFront distribution.
This revision clarifies the intent that both the security group and CloudFront distribution contribute to the protection of the origin servers, while AWS Shield Advanced provides additional DDoS protection.
Thank you for pointing that out! We always appreciate your attention to detail. Let us know if you have any further suggestions or questions!
Best,
Irene @ Tutorialsdojo