You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS)
attacks.
Which of the below are viable mitigation techniques? (Choose 3)
A.
Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
B.
Use dedicated instances to ensure that each instance has the maximum performance possible.
C.
Use an Amazon CloudFront distribution for both static and dynamic content.
D.
Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database
Service (RDS) tiers
E.
Add alert Amazon CloudWatch to look for high Network in and CPU utilization.
F.
Create processes and capabilities to quickly add and remove rules to the instance OS firewall.
CDE
CDE is the right answer
CDE
CDE
cde
C and D – yes, sure. For D, it suggests to use an Elastic Load Balancer with auto scaling groups for RDS tier. None of them is supported currently. regarding ELB:
“Currently, the Elastic Load Balancing (ELB) load balancer does not support the routing of traffic to RDS instances. Therefore, you might want to consider other options such as HAProxy, which is a open-source software-based load balancer that many people use.”
https://aws.amazon.com/blogs/database/scaling-your-amazon-rds-instance-vertically-and-horizontally/
There is an interesting discussion on https://equizzing.com/amazon/which-of-the-below-are-viable-mitigation-techniques-3/
From the rest, I like more the option B:
“B. Correct – If you are on a dedicated server then you lose the chance neighbor being DDOS”
So: C,B,E