Answer: A and B
The AWS documentation provides the following details.
If DDoS alarms in CloudWatch indicate a possible layer 7 attack, you have two options.
· Investigate and mitigate the attack on your own: If you determine that activity represents a DDoS attack, you can create your own AWS WAF rules to mitigate the attack. AWS WAF is included with AWS Shield Advanced at no additional cost. AWS provides pre-configured templates to get you started quickly.
· If you are an AWS Shield Advanced customer, you also have the option of contacting the AWS Support Center: If you want assistance in applying mitigations, you can contact the AWS Support Center. Critical and urgent cases are routed directly to DDoS experts. With AWS Shield Advanced, complex cases can be escalated to the DRT, which has deep experience in protecting AWS, Amazon.com, and its subsidiaries.
Option C is incorrect because AWS Shield is enabled by default, and you need to enable AWS Shield Advanced to engage the AWS DDoS Response Team (DRT).
Option D is incorrect because GuardDuty detects unauthorized and unexpected activities in your AWS environment. It does not help to respond to layer 7 DDoS attacks.
For more information on responding to DDoS attacks, see the following URL:
https://docs.aws.amazon.com/waf/latest/developerguide/ddos-responding.html