AWS Certified Security – Specialty SCS-C01 – Question148

A global company must mitigate and respond to DDoS attacks at Layers 3, 4 and 7. All of the company’s AWS applications are serverless with static content hosted on Amazon S3 using Amazon CloudFront and Amazon Route 53.
Which solution will meet these requirements?

A.
Use AWS WAF with an upgrade to the AWS Business support plan.
B. Use AWS Certificate Manager with an Application Load Balancer configured with an origin access identity.
C. Use AWS Shield Advanced.
D. Use AWS WAF to protect AWS Lambda functions encrypted with AWS KMS, and a NACL restricting all ingress traffic.

Correct Answer: C

Explanation: