In rare cases, you may find the DDoS mitigation is not aggressive enough to react to bad actors attacking your domain. It is important to understand the levels of DDoS mitigation and the logic that sits behind the feature.
DDoS mitigation is stateful - this means that as requests are incoming to Shield layer, there are layers of validation being performed on the request. This is validated more rigorously on higher levels of DDoS settings and the stateful mitigation is more reactive to bad actor patterns. You may notice if during a DDoS attack for example, that domain A on high may have removed the high impact bad actor quicker (as well as presented a Shield challenge), than a domain B on low settings may have. It is recommended in any case to review how your site gets impacted and choose how you wish to address it.
The Shield challenge in question forces the user/agent to perform a lightweight computational task, and if successfully done so to pass said challenge. This ensures any automated bad actors (commonly blocked via the challenge method) cannot penetrate the domain any further. If you find suspected automation/patterns of attacks, you should increase the DDoS mitigation beyond low; this allows a greater chance of those bad actors to be presented and blocked by the challenge.