AWS Shield

Question 1

What is AWS Shield?

Answer 1

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

Question 2

True or False: AWS Shield provides protection against both volumetric and application layer attacks.

Answer 2

True.

Question 3

What are the two tiers of AWS Shield?

Answer 3

AWS Shield Standard and AWS Shield Advanced.

Question 4

Fill in the blank: AWS Shield Standard is automatically included at no additional cost for all AWS customers and provides protection against ______ attacks.

Answer 4

common DDoS.

Question 5

What additional features does AWS Shield Advanced provide over Shield Standard?

Answer 5

Advanced threat intelligence, DDoS cost protection, and 24/7 access to the AWS DDoS Response Team.

Question 6

How does AWS Shield help in real-time attack visibility?

Answer 6

It provides detailed attack diagnostics and visibility through CloudWatch metrics.

Question 7

Which AWS services can AWS Shield protect?

Answer 7

AWS Shield can protect services like Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53.

Question 8

True or False: AWS Shield Advanced requires a subscription fee.

Answer 8

True.

Question 9

What is the primary purpose of AWS Shield?

Answer 9

To protect applications running on AWS from DDoS attacks.

Question 10

What is the benefit of DDoS cost protection in AWS Shield Advanced?

Answer 10

It helps to mitigate the financial impact of scaling resources during an attack.

Question 11

What type of attacks does AWS Shield Standard primarily defend against?

Answer 11

Common, frequently occurring network and transport layer DDoS attacks.

Question 12

Fill in the blank: AWS Shield integrates with AWS ______ for enhanced security and monitoring.

Answer 12

WAF (Web Application Firewall).

Question 13

Which AWS service provides a 24/7 DDoS Response Team (DRT) for AWS Shield Advanced customers?

Answer 13

AWS Shield Advanced.

Question 14

What is the main benefit of using AWS Shield with Amazon CloudFront?

Answer 14

It provides a globally distributed network to absorb DDoS attacks closer to the source.

Question 15

What is the role of the AWS DDoS Response Team?

Answer 15

To assist AWS Shield Advanced customers during DDoS attacks.

Question 16

True or False: AWS Shield can only protect resources in the U.S. region.

Answer 16

False.

Question 17

What does AWS Shield use to automatically detect DDoS attacks?

Answer 17

Traffic anomaly detection.

Question 18

How can AWS Shield customers receive alerts during an attack?

Answer 18

Through Amazon CloudWatch alarms and notifications.

Question 19

What is a key feature of AWS Shield’s reporting capabilities?

Answer 19

It provides detailed attack diagnostics and metrics post-attack.

Question 20

Fill in the blank: AWS Shield is designed to protect against ______ attacks that aim to disrupt service availability.

Answer 20

DDoS.

Question 21

What is the recommended way to enhance security alongside AWS Shield?

Answer 21

Use AWS WAF to filter and monitor HTTP requests.

Question 22

True or False: AWS Shield can only be used with specific AWS services.

Answer 22

False.

Question 23

What is the primary advantage of AWS Shield Standard for all AWS customers?

Answer 23

It provides automatic protection against common DDoS attacks at no extra cost.

Question 24

Which AWS Shield tier includes DDoS response planning?

Answer 24

AWS Shield Advanced.

Question 25

What does AWS Shield Advanced offer for application layer protection?

Answer 25

Protection against more sophisticated application layer attacks.

Question 26

What does DDoS stand for?

Answer 26

Distributed Denial of Service

Question 27

True or False: DDoS attacks can involve multiple compromised systems.

Answer 27

True

Question 28

What is the primary goal of a DDoS attack?

Answer 28

To make a network service unavailable to its intended users.

Question 29

Fill in the blank: A ______ attack overwhelms a server with a flood of requests.

Answer 29

Flood

Question 30

What type of DDoS attack exploits the connection establishment process in TCP?

Answer 30

SYN Flood

Question 31

Which attack type uses a large number of UDP packets to overwhelm a target?

Answer 31

UDP Flood

Question 32

True or False: Application Layer attacks target the application layer rather than the network layer.

Answer 32

True

Question 33

What is the purpose of a DNS Amplification attack?

Answer 33

To exploit DNS servers to flood a target with traffic.

Question 34

Which type of DDoS attack involves sending a large number of ICMP Echo Request packets?

Answer 34

Ping Flood

Question 35

Fill in the blank: A ______ attack involves overwhelming a target with connection requests.

Answer 35

SYN Flood

Question 36

What is an example of an Application Layer DDoS attack?

Answer 36

HTTP Flood

Question 37

True or False: DDoS attacks can be mitigated using firewalls alone.

Answer 37

False

Question 38

What is the main characteristic of a Slowloris attack?

Answer 38

It keeps many connections to the target web server open and holds them open for as long as possible.

Question 39

Which type of DDoS attack involves exploiting vulnerabilities in network protocols?

Answer 39

Protocol Attacks

Question 40

What is the difference between DDoS and DoS?

Answer 40

DDoS involves multiple systems, while DoS involves a single system.

Question 41

Fill in the blank: A ______ attack can be executed using botnets.

Answer 41

DDoS

Question 42

What type of attack uses TCP, UDP, and ICMP protocols to disrupt services?

Answer 42

Volume-Based Attacks

Question 43

True or False: DDoS attacks can only be launched from compromised computers.

Answer 43

False

Question 44

What is a common tool used to conduct DDoS attacks?

Answer 44

LOIC (Low Orbit Ion Cannon)

Question 45

Fill in the blank: A ______ attack targets the HTTP protocol to exhaust server resources.

Answer 45

HTTP Flood

Question 46

Which type of DDoS attack can use reflection techniques?

Answer 46

DNS Amplification

Question 47

What is the primary characteristic of a Resource Exhaustion attack?

Answer 47

It aims to consume server resources, making it unavailable.

Question 48

Fill in the blank: A ______ attack sends a high volume of data to a target's server to overwhelm it.

Answer 48

Flood

Question 49

What is the role of a botnet in a DDoS attack?

Answer 49

To control multiple compromised computers to launch the attack.

Question 50

True or False: DDoS attacks can be used as a smokescreen for other malicious activities.

Answer 50

True

Question 51

What is a key indicator of a DDoS attack in a network?

Answer 51

A sudden spike in incoming traffic.

Question 52

What is AWS Shield?

Answer 52

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

Question 53

What are the two tiers of AWS Shield?

Answer 53

AWS Shield Standard and AWS Shield Advanced.

Question 54

True or False: AWS Shield Standard is designed to protect against the most common DDoS attacks.

Answer 54

True

Question 55

What is the primary benefit of AWS Shield Advanced?

Answer 55

It provides additional detection and mitigation capabilities for complex DDoS attacks.

Question 56

Fill in the blank: AWS Shield is integrated with ___ services.

Answer 56

Amazon CloudFront and Amazon Route 53.

Question 57

What type of support does AWS Shield Advanced provide?

Answer 57

24/7 access to the AWS DDoS Response Team (DRT).

Question 58

Which AWS service is used to monitor DDoS attack patterns?

Answer 58

AWS CloudWatch.

Question 59

What is the purpose of AWS Shield metrics?

Answer 59

To provide visibility into the DDoS attack traffic and mitigation status.

Question 60

True or False: AWS Shield can only protect web applications hosted on AWS.

Answer 60

False

Question 61

What is an important feature of AWS Shield Advanced regarding attack reporting?

Answer 61

It offers near real-time attack visibility and detailed reports.

Question 62

How does AWS Shield use machine learning?

Answer 62

To automatically identify and mitigate DDoS attacks based on traffic patterns.

Question 63

What is a key difference between AWS Shield Standard and Advanced in terms of cost?

Answer 63

AWS Shield Standard is free, while AWS Shield Advanced incurs a monthly fee.

Question 64

What is a DDoS attack?

Answer 64

A Distributed Denial of Service attack aims to make a service unavailable by overwhelming it with traffic.

Question 65

What role does Amazon Route 53 play in AWS Shield architecture?

Answer 65

It helps route traffic and can leverage AWS Shield for DDoS protection.

Question 66

Fill in the blank: AWS Shield Advanced includes ___ policies to customize protection.

Answer 66

DDoS protection.

Question 67

What is an AWS WAF?

Answer 67

AWS Web Application Firewall is a service that helps protect web applications from common web exploits.

Question 68

True or False: AWS Shield requires manual configuration to be effective.

Answer 68

False

Question 69

What is the AWS DDoS Response Team (DRT)?

Answer 69

A team of security experts that assist customers during DDoS attacks.

Question 70

Which AWS service can be used alongside AWS Shield for enhanced security?

Answer 70

AWS WAF.

Question 71

What does AWS Shield use to detect attacks?

Answer 71

Anomaly detection algorithms.

Question 72

How can customers implement AWS Shield Advanced?

Answer 72

By subscribing to the service through the AWS Management Console.

Question 73

What is the maximum duration of an attack that AWS Shield can automatically mitigate?

Answer 73

Continuous, as it operates in real-time.

Question 74

What is the significance of threat intelligence in AWS Shield?

Answer 74

It helps enhance detection and mitigation strategies against evolving attack vectors.

Question 75

What is a common misconception about AWS Shield?

Answer 75

That it can prevent all types of attacks, including non-DDoS threats.

Question 76

Fill in the blank: AWS Shield Advanced provides ___ for customers with high traffic needs.

Answer 76

Cost protection against scaling charges during attacks.

Question 77

What is AWS Shield Advanced?

Answer 77

AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

Question 78

True or False: AWS Shield Advanced provides protection only for web applications.

Answer 78

False

Question 79

What type of DDoS attacks does AWS Shield Advanced protect against?

Answer 79

AWS Shield Advanced protects against both volumetric and application layer DDoS attacks.

Question 80

Fill in the blank: AWS Shield Advanced includes _______ for DDoS attack detection.

Answer 80

real-time attack visibility

Question 81

Which AWS service does AWS Shield Advanced integrate with for automatic mitigation?

Answer 81

AWS WAF (Web Application Firewall)

Question 82

What is the purpose of the DDoS cost protection feature in AWS Shield Advanced?

Answer 82

To protect customers from scaling charges in the event of a DDoS attack.

Question 83

True or False: AWS Shield Advanced offers 24/7 access to the AWS DDoS Response Team (DRT).

Answer 83

True

Question 84

What does the 'attack diagnostics' feature in AWS Shield Advanced provide?

Answer 84

It provides detailed information about DDoS attacks, including attack vectors and mitigation actions.

Question 85

Which AWS service can be used to manage rules for application layer protection when using AWS Shield Advanced?

Answer 85

AWS WAF

Question 86

Multiple Choice: Which of the following is NOT a feature of AWS Shield Advanced? A) Threat intelligence, B) DDoS attack simulation, C) Real-time attack visibility, D) 24/7 DDoS Response Team access.

Answer 86

B) DDoS attack simulation

Question 87

How does AWS Shield Advanced enhance the capabilities of AWS Shield Standard?

Answer 87

By providing additional features like cost protection, advanced attack diagnostics, and access to the DDoS Response Team.

Question 88

True or False: AWS Shield Advanced is available for all AWS services.

Answer 88

False

Question 89

What is the key benefit of using AWS Shield Advanced for critical applications?

Answer 89

It provides enhanced protection against sophisticated DDoS attacks, ensuring application availability.

Question 90

Fill in the blank: AWS Shield Advanced's DDoS Response Team provides _______ support during an ongoing attack.

Answer 90

expert

Question 91

What type of reporting does AWS Shield Advanced offer?

Answer 91

It offers attack reports and usage reports to help understand the impact of DDoS attacks.

Question 92

Multiple Choice: Which of the following is a key feature of AWS Shield Advanced? A) Automatic scaling, B) Advanced threat intelligence, C) Manual DDoS mitigation, D) Limited logging.

Answer 92

B) Advanced threat intelligence

Question 93

What is the primary purpose of the AWS Shield Advanced console?

Answer 93

To provide a centralized interface for managing DDoS protection and viewing attack metrics.

Question 94

True or False: AWS Shield Advanced can only be used in the AWS region where it was activated.

Answer 94

False

Question 95

Fill in the blank: AWS Shield Advanced supports _______ for managing DDoS protection across multiple AWS accounts.

Answer 95

AWS Organizations

Question 96

What is the monthly fee for AWS Shield Advanced service?

Answer 96

The monthly fee is $3,000 per organization.

Question 97

Which feature of AWS Shield Advanced helps to identify attack patterns?

Answer 97

Threat intelligence

Question 98

True or False: AWS Shield Advanced includes a web application firewall.

Answer 98

False

Question 99

What action should you take if you suspect an ongoing DDoS attack on your AWS resources?

Answer 99

Contact the AWS DDoS Response Team for assistance.

Question 100

Fill in the blank: The AWS Shield Advanced service provides _______ for managing DDoS protection.

Answer 100

customizable protections