Learn the most effective solution to safeguard your Amazon EC2 instances against potential botnet command and control traffic in your AWS environment. Compare AWS WAF, Route 53 Resolver DNS Firewall, Systems Manager, and Shield Advanced.
Question
A company needs to protect against potential botnet command and control traffic from any Amazon EC2 instances that are in the company's AWS environment.
Which solution will meet these requirements?
A. Use AWS Shield Advanced. Activate Shield Advanced protections on the EC2 instances to filter and block botnet traffic.
B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl managed domain list with an action to block botnet traffic.
C. Use AWS WAF Bot Control. Configure a managed rule group that uses an AWS managed rule set to block botnet traffic.
D. Use AWS Systems Manager. Run a Systems Manager Automation runbook on the EC2 instances to configure the instances to block botnet traffic.
Answer
B. Use Amazon Route 53 Resolver DNS Firewall. Add a rule to a rule group to use the AWSManagedDomainsBotnetCommandandControl managed domain list with an action to block botnet traffic.
Explanation
Amazon Route 53 Resolver DNS Firewall lets you filter and regulate outbound DNS queries originating from your VPCs. You create rules in a DNS Firewall rule group that allow, alert on, or block queries for the domains in a domain list, then associate the rule group with each VPC you want to protect.
AWS provides a managed domain list called AWSManagedDomainsBotnetCommandandControl that contains domains associated with known botnet command and control servers. By creating a DNS Firewall rule that references this managed domain list with a block action, you stop your EC2 instances from resolving those domains, which cuts off malware that relies on DNS to locate its infrastructure. Note that the control acts at the DNS layer: a connection made directly to an IP address, without a lookup through the VPC resolver, is not affected, so it complements rather than replaces network-layer egress controls.
The other options are not ideal for this use case:
A. AWS Shield Advanced helps protect against DDoS attacks, not botnet command and control traffic specifically. It does not have a feature to filter EC2 instance traffic directly.
C. AWS WAF Bot Control helps manage bot traffic to web applications, but is not designed to block botnet command and control traffic from EC2 instances.
D. AWS Systems Manager allows you to automate management tasks on EC2 instances, but does not have built-in capabilities to filter outbound traffic to block botnets. You would need to manually configure the instances.
Therefore, using Route 53 Resolver DNS Firewall with the AWS managed domain list for botnet domains is the most straightforward and effective solution to meet the company’s requirements. It allows blocking botnet traffic without needing to modify the EC2 instances directly.
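As an added example (not part of the original question or explanation), the following Terraform configuration implements the answer: a rule group with a block rule on the managed botnet list, the VPC association, fail-closed behaviour, and Resolver query logging so blocked lookups can be alerted on. The input variables `vpc_id` and `botnet_domain_list_id` are placeholders; the managed list ID is region specific and is read from `aws route53resolver list-firewall-domain-lists`.

```hcl
# Added example, not from the page. Inputs are placeholders; the managed list ID
# comes from `aws route53resolver list-firewall-domain-lists` (region specific).
variable "vpc_id" { type = string }
variable "botnet_domain_list_id" { type = string }

resource "aws_route53_resolver_firewall_rule_group" "egress" {
  name = "egress-botnet-c2"
}

# BLOCK queries for domains on the managed botnet C2 list; NXDOMAIN surfaces the failure.
resource "aws_route53_resolver_firewall_rule" "block_botnet_c2" {
  name                    = "block-botnet-c2"
  firewall_rule_group_id  = aws_route53_resolver_firewall_rule_group.egress.id
  firewall_domain_list_id = var.botnet_domain_list_id
  priority                = 100
  action                  = "BLOCK"
  block_response          = "NXDOMAIN"
}

# Attach the rule group to the VPC (association priority range 101-9900, lower
# evaluated first). mutation_protection guards the association from removal.
resource "aws_route53_resolver_firewall_rule_group_association" "vpc" {
  firewall_rule_group_id = aws_route53_resolver_firewall_rule_group.egress.id
  vpc_id                 = var.vpc_id
  priority               = 101
  mutation_protection    = "ENABLED"
}

# Fail closed: a query DNS Firewall cannot evaluate fails instead of bypassing it.
resource "aws_route53_resolver_firewall_config" "vpc" {
  resource_id        = var.vpc_id
  firewall_fail_open = "DISABLED"
}

# Detection: Resolver query logs carry firewall_rule_action and the rule group
# ID, so a BLOCK from this group is the signal that an instance looked up C2.
resource "aws_cloudwatch_log_group" "dns" {
  name = "/aws/route53resolver/egress-botnet-c2"
}

resource "aws_route53_resolver_query_log_config" "dns" {
  name            = "egress-botnet-c2"
  destination_arn = aws_cloudwatch_log_group.dns.arn
}

resource "aws_route53_resolver_query_log_config_association" "vpc" {
  resolver_query_log_config_id = aws_route53_resolver_query_log_config.dns.id
  resource_id                  = var.vpc_id
}
```

Filtering the log group for `"firewall_rule_action": "BLOCK"` and the instance's source address gives the incident responder the host and the C2 domain it tried to resolve.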
This is a practice question, with answer and explanation, for the Amazon AWS Certified Advanced Networking – Specialty (ANS-C01) certification exam.