AdministratorApril 26, 2020 at 11:02 pmHi James, Kung,
Thank you for posting your question. The scenario says: “…secure against common web exploits such as cross-site scripting, SQL injection and brute-force HTTP flood attacks”
I understand that the last item could also be defined as a DDoS attack. However, please note that you can also protect your application from common brute-force attacks using AWS WAF by creating a Rate-based rule:
Remember that by default, your account comes with AWS Shield Standard that defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications. AWS Shield Advanced, on the other hand, provides expanded DDoS attack protection to your AWS services.
The scenario doesn’t warrant the use of AWS Shield Advanced since the main focus is to secure the application against common web exploits.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!
Jon Bonso @ Tutorials Dojo