An outsourcing company is working on a government project. Security is very important to the success of the application. The application is developed mainly in EC2 with several application load balancers. CloudFront and Route53 are also configured. The major concern is that it should be able to be protected against DDoS attacks. The company decides to activate the AWS Shield Advanced feature. To this effect, it has hired an external consultant to `educate` its employees on the same. For the below options, which ones help the company to understand the AWS Shield Advanced plan? Select 3.

Answer options:

A.AWS Shield Advanced plan is able to protect application load balancers, CloudFront and Route53 from DDoS attacks.
B.AWS Shield Advanced plan does not have a monthly base charge. The company only needs to pay the data transfer fee. Other than that, AWS WAF includes no additional cost.
C.Route 53 is not covered by AWS Shield Advanced plan. However, Route 53 is able to be protected under AWS WAF. A dedicated rule in WAF should be customized.
D.24*7 support by the DDoS Response team. Critical and urgent priority cases can be answered quickly by DDoS experts. Custom mitigations during attacks are also available.
E.Real-time notification of attacks is available via Amazon CloudWatch. Historical attack reports are also provided.
F.AWS Shield is a sub-feature within AWS WAF. AWS Shield Advanced can be activated in AWS WAF console, which also provides the near real-time metrics and packet captures for attack forensics.

Correct Answer – A, D, E
 
AWS Shield has two plans - AWS Shield Standard and AWS Shield Advanced.
AWS Shield Standard:
AWS Shield Standard activates automatically at no additional charge. AWS Shield Standard defends against the most common, frequently occurring network and transport layer DDoS attacks that target your applications.
AWS Shield Advanced:
For higher levels of protection against attacks. It has a subscription fee which is $ 3000 per month.
Option A is CORRECT. Because Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53 are all covered by AWS Shield Advanced.
Option B is incorrect. Because AWS Shield Advanced has a subscription commitment of 1 year with a base monthly fee of 3000$.
Option C is incorrect. Because Route 53 is covered by AWS Shield Advanced.
Option D is CORRECT. Because 24*7 support by the DDoS Response team is a key feature of the advanced plan.
Option E is CORRECT. Because AWS Shield Advanced integrates with AWS CloudWatch and provides relevant reports.
Option F is incorrect. Because AWS Shield is not within AWS WAF. Please note that both of them help protect the AWS resources. AWS WAF is a web application firewall service, while AWS Shield provides expanded DDoS attack protection for the AWS resources.