Which of the following services helps protect applications from DDoS attacks?

The correct choice relates to AWS Shield, which is specifically designed to provide protection against Distributed Denial of Service (DDoS) attacks. AWS Shield offers two tiers of protection: Standard and Advanced. The Standard tier protects against the most common types of DDoS attacks automatically, while the Advanced tier provides additional features such as more sophisticated detection, advanced mitigation techniques, and 24/7 access to the DDoS Response Team.

In the context of DDoS attacks, Shield is built to absorb and deflect traffic at the network layer, allowing legitimate traffic to reach your applications while malicious traffic is filtered out. This layered approach to security is essential for maintaining uptime and availability of applications during an attack, ensuring a robust defense strategy.

Other services, while useful for overall application security or network management, do not specifically focus on DDoS mitigation. For example, a Web Application Firewall (WAF) helps in protecting applications from common web vulnerabilities but does not directly mitigate DDoS attacks. Firewall Manager helps manage firewall rules across multiple accounts or resources but does not inherently offer DDoS protection. GuardDuty is a threat detection service that analyzes account activity and alerts users to potential security threats but does not focus on managing DDoS attacks.