Home › Forums › AWS › AWS Certified SysOps Administrator Associate › Sysops exam question › Reply To: Sysops exam question
-
As far as I know for HTTP flood attacks CloudFront is the advised service to use. Refer to the whitepaper ‘AWS Best Practices for DDos Resiliency’ (page 16)
“These features mean that using Amazon CloudFront reduces the number of requests and TCP connections back to your origin which helps protect your web application from HTTP floods”
And something similar is also mentioned on the Shield Overview page: “AWS Shield Advanced also protects you against application layer attacks, like HTTP floods.”Furthermore I was also a bit confused by the wording ‘Integrate’ in option 1 and 3 and 5, as -at least for shield- it’s ‘just’ a matter of configuring the devices you want to be protected in shield, and nothing more if I read the docs correctly (i.e. no ‘integrate’, which I would assume is something extra besides configuring).