A company hosts a critical web application on the AWS Cloud. This is a key revenue-generating application for the company. The IT Security team is worried about potential DDoS attacks against the website ( this might affect the AWS services like Amazon CloudFront, Amazon Route 53, and AWS Global Accelerator ). The senior management has also specified that immediate action needs to be taken in case of a potential DDoS attack. What should be done in this regard?

Answer options:

A.Consider using the AWS Shield Standard Service.
B.Consider using VPC Flow logs to monitor traffic for DDos attack and quickly take actions on a trigger of a potential attack.
C.Consider using the AWS Shield Advanced Service.
D.Consider using Cloudwatch logs to monitor traffic for DDos attack and quickly take actions on a trigger of a potential attack.

Answer: C
Option A is incorrect because the AWS Shield Standard Service will not assist with immediate action against a DDoS attack. AWS Shield Standard Service is enabled by default, and there is no need to enable it by users.
Option B is incorrect because VPC Flow Logs is a logging service for VPCs traffic flow but cannot specifically protect against DDoS attacks.
Option C is CORRECT because AWS Shield Advanced protection provides always-on, flow-based monitoring of network traffic and active application monitoring to provide near real-time notifications of DDoS attacks. AWS Shield Advanced also gives customers highly flexible controls over attack mitigations to take action instantly. Customers can also engage the DDoS Response Team (DRT) 24X7 to manage and mitigate their application-layer DDoS attacks.
Option D is incorrect because CloudWatch logs is a logging and monitoring service for AWS Services but cannot specifically protect against DDoS attacks.
The AWS Documentation mentions the following.
AWS Shield Advanced provides enhanced protections for your applications running on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront and Route 53 against larger and more sophisticated attacks. AWS Shield Advanced is available to AWS Business Support and AWS Enterprise Support customers.
For more information on AWS Shield, please visit the below URL:
https://aws.amazon.com/shield/faqs/