In AWS API Gateway, which of the following security measures is provided default by AWS to protect the backend systems?

Answer options:

A.Default Cross-Origin Resource Sharing (CORS) configuration.
B.Default Resource Policy.
C.Protection from distributed denial-of-service (DDoS) attacks.
D.Security of backend systems falls under customer responsibility. AWS provides different mechanisms to protect backend systems which are not configured by default.

Answer: C
API Gateway supports throttling settings for each method or route in your APIs. You can set a standard rate limit and a burst rate limit per second for each method in your REST APIs and each route in WebSocket APIs. Further, API Gateway automatically protects your backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3).
Options A and B are part of the above list and do not have any default configurations. Option C is correct.
Option D`s statement is incorrect as it is a distractor. The above screenshot shows AWS automatically protects from DDoS attacks.
Reference:
https://aws.amazon.com/api-gateway/faqs/
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html