1
Q
When mitigating against DOS/DDOS attacks, use the same practice you would use on you on-remise components
A
- Firewalls: Security groups, network access control lists, host-based firewalls
- Web application Firewalls(WAFS)
- Host-based or inline IDS/IPS(zTrend Micro)
- Traffic shaping/rate limiting
2
Q
Capabilities based on its elasticity
A
- you can potentially use cloudfront to absorb DOS/SSOS flooding attacks.
- a potential attackers trying to attacj content behind a cloudfront distribution is likely to send most requests to cloudfront edge locations, where the AWS infrastrucure will absorb the extra requests with minimal to no impact on the back-end customer web servers.
Decks in class (31)
# Cards
-
Account/Physical Organization18
-
VPC15
-
EC231
-
Lambda3
-
CloudWatch/CloudTrail/SNS3
-
Advanced Networking17
-
Troubleshooting24
-
S316
-
Route 5311
-
VPN14
-
CLI1
-
Databases11
-
SQS4
-
API Gateway9
-
Monitoring15
-
Deployment Service5
-
Analytics16
-
EC2 Container Service12
-
How to Design CLoud Services and Best Pratice2
-
Monitoring your AWS environment3
-
Architectual Trad-off Decisions3
-
Elasticity & Saclability6
-
Shared Security Responsibility Model2
-
AWS Platform compliance and security services12
-
DDoS Mitigation2
-
Encryption solutions3
-
Complex Access COntrol2
-
Cloud Watch for the security Architect1
-
CloudHSM4
-
Disaster Recovery6
-
Review98
