AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct answer is to contact the AWS Shield Response Team (SRT). A key benefit of the AWS Shield Advanced subscription is 24/7 access to the SRT, which is a team of AWS experts who specialize in DDoS attack mitigation. During an attack, customers can engage the SRT to help analyze traffic, identify novel attack patterns, and author custom AWS WAF rules to mitigate the threat.

Enabling proactive engagement is incorrect because this feature allows the SRT to contact you if they detect a DDoS event that is impacting the health of your application (as monitored by a Route 53 health check). It is not the mechanism for you to request assistance with writing custom WAF rules. Subscribing to a third-party managed rule set is a good security practice but does not fulfill the requirement for real-time, specialized expertise to handle a novel attack pattern that the rule set may not cover. Automating WAF rule creation with GuardDuty and Lambda is a possible custom solution, but it is not the most direct or effective method provided by the Shield Advanced service for getting expert assistance during a complex attack; the SRT is the purpose-built solution for this scenario.