Your current web application is hosted on a set of EC2 Instances which are placed behind an application load balancer. All the Security groups and NACL`s have been put into place for tight security. What extra measure can be taken to ensure blocking of DDos attacks from malicious IP addresses?

Answer options:

A.Consider placing the WAF service ( included in AWS Shield Advanced ) in front of the Application Load balancer
B.Consider placing an AWS PrivateLink service in front of the Application Load balancer
C.Consider placing an AWS Shield service in front of the Application Load balancer
D.Consider adding the more restrictive rules to the Network ACL`s

Answer – A
The AWS Documentation mentions the following
AWS WAF is a web application firewall that lets you monitor web requests that are forwarded to Amazon CloudFront distributions or an Application Load Balancer. You can also use AWS WAF to block or allow requests based on conditions that you specify, such as the IP addresses that requests originate from or values in the requests.
Option B is incorrect because AWS PrivateLink is used to provide an endpoint for a service
Option C is incorrect because AWS Shield is already a service present. You need AWS Shield Advanced for DDos protection
Option D is incorrect because you need a better effective mechanism for protecting against DDoS attacks
For more information on AWS WAF,please refer to the below link
https://aws.amazon.com/documentation/waf/