Answer: B.
Option A is INCORRECT.
AWS Shield Standard helps prevent commonly occurring DDoS attacks that target websites and applications at the network and transport layers.
When used in conjunction with Route 53 and CloudFront, protection is assured against all known layer 3 and layer 4 attacks.
AWS Shield Standard is free.
Option B is CORRECT.
AWS Shield Advanced protects applications on EC2, ELB, CloudFront, Global Accelerator and Route 53 resources.
It gives near real-time visibility into attacks and helps prevent sophisticated DDoS attacks.
Option C is INCORRECT.
AWS Firewall Manager makes compliance easier to implement and simplifies firewall rule management across AWS accounts.
Option D is INCORRECT.
AWS WAF (Web Application Firewall) protects APIs and web applications against unavailability, security compromise, and increased resource consumption.
Reference:
- https://aws.amazon.com/shield/
- https://aws.amazon.com/waf/
- https://aws.amazon.com/firewall-manager/
For protecting applications on EC2, ELB and Route 53 resources, the suggested AWS service would be AWS Shield Advanced.
AWS Shield is a managed DDoS (Distributed Denial of Service) protection service that safeguards applications running on AWS. It offers two levels of protection: AWS Shield Standard and AWS Shield Advanced.
AWS Shield Standard is automatically enabled for all AWS customers at no additional cost. It provides basic DDoS protection for all AWS resources, including EC2 instances, Elastic Load Balancers (ELBs), Amazon CloudFront distributions, Amazon Route 53 hosted zones, and Amazon Global Accelerator.
AWS Shield Advanced provides additional protection against more sophisticated DDoS attacks and offers near real-time visibility into attacks, which allows customers to respond quickly to threats. It also includes 24/7 access to AWS DDoS experts and enhanced DDoS protection features, such as:
- Advanced protection against larger and more sophisticated DDoS attacks
- Network traffic analysis and visibility
- Attack mitigation support by AWS DDoS response team
- Protection for non-AWS resources via AWS Global Accelerator.
AWS Firewall Manager, on the other hand, is a security management service that allows you to centrally configure and manage firewall rules across multiple AWS accounts and resources. It provides a way to create and manage AWS WAF (Web Application Firewall) rules across multiple resources, but it does not provide DDoS protection.
AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. While it provides protection against web application attacks, it does not provide DDoS protection.
In conclusion, AWS Shield Advanced is the suggested service for obtaining near real-time visibility into attacks and preventing sophisticated DDoS attacks on the mentioned AWS resources (EC2, ELB, and Route 53).