To maximize DDoS protection for an Application Load Balancer (ALB), which combination of AWS services and configurations should you implement?

hard📝 Application Q8 of 15

AWS - Advanced Security

AEnable AWS Shield Advanced on the ALB and configure AWS WAF with custom rules for traffic filtering

BUse AWS Shield Standard only, as it automatically protects ALBs without additional configuration

CDeploy AWS WAF alone with default rules and rely on ALB security groups for protection

DConfigure AWS Firewall Manager without enabling AWS Shield Advanced or AWS WAF

Step-by-Step Solution

Solution:

Step 1: Understand ALB protection options
ALBs are protected by AWS Shield Standard by default, but this only provides basic protection.
Step 2: Enhance protection with Shield Advanced
Enabling AWS Shield Advanced on the ALB provides enhanced DDoS mitigation and access to the DDoS Response Team.
Step 3: Use AWS WAF for application-layer filtering
Configuring AWS WAF with custom rules helps block malicious traffic at the application layer, complementing Shield Advanced.
Final Answer:
Enable AWS Shield Advanced on the ALB and configure AWS WAF with custom rules for traffic filtering -> Option A
Quick Check:
Shield Advanced + WAF custom rules = maximum ALB DDoS protection [OK]

Quick Trick: Combine Shield Advanced with WAF custom rules for best ALB defense [OK]

Common Mistakes:

Master "Advanced Security" in AWS

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More AWS Quizzes