Answer: AWS Shield

## Explanation **AWS Shield** is the correct answer because it is AWS's managed Distributed Denial of Service (DDoS) protection service. ### Service Breakdown: 1. **AWS Shield**: - Provides managed DDoS protection - Comes in two tiers: - **AWS Shield Standard**: Free, automatic protection for all AWS customers - **AWS Shield Advanced**: Paid service with additional features like 24/7 DDoS response team, cost protection, and advanced attack mitigation 2. **Why other options are incorrect**: - **AWS Firewall Manager**: A security management service that allows you to centrally configure and manage firewall rules across your AWS accounts and applications - **Amazon GuardDuty**: A threat detection service that continuously monitors for malicious activity and unauthorized behavior - **Amazon Inspector**: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS ### Key Features of AWS Shield: - Always-on detection and automatic inline mitigations - Integration with Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing - Real-time visibility into attacks via AWS WAF, Amazon CloudWatch, and AWS Management Console - Protection against infrastructure layer (Layer 3/4) and application layer (Layer 7) attacks AWS Shield is specifically designed to protect AWS applications from DDoS attacks, making it the appropriate choice for managed DDoS protection.

Author: Ritesh Yadav