Which managed service offers protection against distributed denial of service (DDoS) attacks for applications on AWS?
AWS Shield
Which AWS Shield option is free of charge for AWS customers?
AWS Shield Standard
What types of attacks does AWS Shield protect against?
- Network volumetric attacks (Layer 3): capacity saturation
- Network protocol attacks (Layer 4): TCP SYN flood
- Application layer attacks (Layer 7): web request floods
What are the two options of AWS Shield?
- Shield Standard – free for all AWS customers
- Shield Advanced – paid option with additional features
Which AWS Shield option provides protection at the network perimeter (region for VPC) and at the edge (CloudFront or Global Accelerator)?
AWS Shield Standard
Which AWS Shield option defends against network (L3) and transport (L4) layer attacks?
AWS Shield Standard
Which AWS Shield option is a commercial product with extra features and additional cost?
AWS Shield Advanced
Is AWS Shield Advanced enabled automatically?
No, must be explicitly enabled in Shield Advanced or AWS Firewall Manager Shield Advanced Policy
Which AWS Shield option protects Route 53, CloudFront, Global Accelerator, and resources associated with Elastic IPs, ALBs, NLBs, and CLBs?
AWS Shield Advanced
Which AWS Shield option provides cost protection for EC2 scaling events caused by unmitigated attacks?
AWS Shield Advanced
Which AWS Shield option provides proactive engagement and access to the Shield Response Team (SRT) when availability or performance is affected by an attack?
AWS Shield Advanced
Which AWS Shield option provides health-based detection (application-specific health checks) to enable proactive engagement by the Shield Response Team?
AWS Shield Advanced
Which AWS Shield option provides health-based detection (requires application-specific health checks) to enable proactive engagement by the Shield Response Team?
AWS Shield Advanced
Which AWS Shield option integrates with AWS Web Application Firewall (WAF) to provide application-layer (L7) protection?
AWS Shield Advanced
Which AWS Shield option provides real-time metrics and reports of DDoS events and attacks?
AWS Shield Advanced
What AWS Shield Advanced feature allows creating logical collections of protected resources and managing them together?
Protection groups
What is the pricing model for AWS Shield Advanced?
- $3,000 per month per organization (minimum 12-month commitment)
- Data-transfer-out/month usage fees
-
IAM39
-
STS9
-
Organizations14
-
CloudTrail16
-
KMS14
-
S3128
-
EBS61
-
EFS14
-
VPC104
-
Hybrid Networking66
-
EC2152
-
Route 5336
-
RDS59
-
AWS Backup8
-
ELB44
-
SSM11
-
ECS12
-
ECR11
-
EKS7
-
ASG43
-
Lambda66
-
EventBridge11
-
SNS11
-
Step Functions15
-
API Gateway25
-
SQS41
-
Kinesis45
-
Cognito17
-
Glue13
-
MQ9
-
AppFlow6
-
ACM13
-
CloudFront75
-
Global Accelerator8
-
Storage Gateway58
-
CloudWatch65
-
CloudFormation110
-
Snow Family8
-
Directory Service17
-
DataSync12
-
FSx for Windows File Server13
-
FSx for Lustre15
-
Transfer Family15
-
Code*44
-
Elastic Beanstalk45
-
X-Ray27
-
DynamoDB97
-
ElastiCache19
-
Secrets Manager11
-
Systems Manager12
-
Web Application Firewall30
-
Shield17
-
CloudHSM11
-
Macie14
-
Inspector15
-
GuardDuty8
-
Athena8
-
Redshift12
-
Comprehend3
-
Kendra5
-
Lex4
-
Polly6
-
Rekognition4
-
Textract5
-
Transcribe5
-
Translate6
-
Forecast3
-
Fraund Detector3
-
SageMaker5
-
Local Zones6
