Which of the below are viable mitigation techniques?

You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS)
attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS)
attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

A.
Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.

B.
Use dedicated instances to ensure that each instance has the maximum performance possible.

C.
Use an Amazon CloudFront distribution for both static and dynamic content.

D.
Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database
Service (RDS) tiers

E.
Add alert Amazon CloudWatch to look for high Network in and CPU utilization.

F.
Create processes and capabilities to quickly add and remove rules to the instance OS firewall.



Leave a Reply 4

Your email address will not be published. Required fields are marked *


McEphin

McEphin

B, C, E

http://www.aiotestking.com/amazon/which-of-the-below-are-viable-mitigation-techniques/

This is my best guess from everything
A. Wrong – I don’t see how adding interfaces will help with DDOS
B. Correct – If you are on a dedicated server then you lose the chance neighbor being DDOS
C. Correct – CloudFront = DDOS protection
D. Wrong – ELB in front of RDS? Seems strange. Also, scaling out in an attack is an expensive and wrong way of dealing with it
E. Wrong – OS Firewall drops packets after they are at the server. DDOS protection needs to be as far upstream as possible.

McEphin

McEphin

A. Wrong – I don’t see how adding interfaces will help with DDOS
B. Correct – If you are on a dedicated server then you lose the chance neighbor being DDOS
C. Correct – CloudFront = DDOS protection
D. Wrong – ELB in front of RDS? Seems strange. Also, scaling out in an attack is an expensive and wrong way of dealing with it
E. Correct – first step in mitigating a DDOS is knowing it’s happening
F. Wrong – OS Firewall drops packets after they are at the server. DDOS protection needs to be as far upstream as possible.