Exam AWS Certified Security - Specialty topic 1 question 508 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 508
Topic #: 1

A company is using an organization in AWS Organizations that contains 100 accounts. The company has configured trusted access for Amazon GuardDuty to AWS Organizations within the management account. The company has designated a member account to be the GuardDuty administrator for the organization.

GuardDuty is working properly and reports findings for the organization in the GuardDuty console. The company wants a SecOps team to receive real-time email alerts from any GuardDuty finding within the organization that is high severity according to the GuardDuty severity levels.

Which solution will meet these requirements?

  • A. In the management account, create a rule in Amazon EventBridge that will react to a GuardDuty finding that has a high severity level. Configure the rule to notify an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SecOps team's email addresses to the SNS topic.
  • B. Configure trusted access for AWS Config within the organization. Create a rule in AWS Config to monitor for any non-archived findings in GuardDuty. Create a rule in Amazon EventBridge that will react if AWS Config detects a compliance change for the AWS Config rule. Configure the EventBridge rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SecOps team's email addresses to the SNS topic.
  • C. In the GuardDuty delegated administrator account, configure a rule in Amazon EventBridge that will react to a GuardDuty finding that has a high severity level. Configure the rule to notify an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SecOps team's email addresses to the SNS topic.
  • D. Configure AWS CloudTrail for the organization in the management account. Create a rule in Amazon EventBridge that will run on a ListFindings API call. Configure the rule to notify an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SecOps team's email addresses to the SNS topic.
Suggested Answer: C

Comments

yorkicurke
1 year, 5 months ago
Selected Answer: C
The management account is responsible for designating the delegated administrator, but it is the delegated administrator account that receives the GuardDuty findings.
upvoted 1 times
...
Noexperience
1 year, 9 months ago
Selected Answer: A
In the management account, create a rule in Amazon EventBridge that will react to a GuardDuty finding that has a high severity level. Configure the rule to notify an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SecOps team's email addresses to the SNS topic.
upvoted 1 times
...
Maya77
1 year, 12 months ago
Agree C https://repost.aws/questions/QUXAlaV5seR6WYR4RPlRVr7g/enabling-guardduty-via-organisations
upvoted 2 times
...
cloudenthusiast
1 year, 12 months ago
Selected Answer: C
In this solution, the configuration is done in the GuardDuty delegated administrator account, which is responsible for managing GuardDuty on behalf of the organization. By creating a rule in Amazon EventBridge, you can define a condition to react specifically to GuardDuty findings with a high severity level. When such a finding occurs, the rule triggers and sends a notification to an Amazon SNS topic. The SecOps team's email addresses are subscribed to this SNS topic, ensuring that they receive real-time email alerts for the high severity GuardDuty findings.
upvoted 2 times
...
Mark1000
1 year, 12 months ago
C. Between A and C, it must be taken into account that GuardDuty is managed from the delegated administration account for GuardDuty, not from the management account.
upvoted 2 times
...
OCHT
2 years ago
Selected Answer: C
GuardDuty findings are sent to EventBridge (formerly CloudWatch Events) in real-time. You can create an EventBridge rule that matches GuardDuty findings with a high severity level. The rule can then target an SNS topic, which can send an email to the SecOps team. This setup allows the team to receive real-time email alerts for high severity GuardDuty findings.
upvoted 2 times
...
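The EventBridge rule discussed in the comments above, as an added example that is not part of the original thread: it builds an event pattern for GuardDuty's High band (7.0 to 8.9), checks it locally against constructed finding events, and creates the rule with boto3 in the delegated administrator account. The rule name, target id, account id and the `matches`, `deploy` and `sample_event` helpers are assumptions made for illustration.

```python
import json
import operator

RULE_NAME = "guardduty-high-severity"  # hypothetical rule name
HIGH_MIN, HIGH_MAX = 7.0, 8.9          # GuardDuty's High severity band

def high_severity_pattern():
    """Event pattern for High-severity GuardDuty findings."""
    # Drop the "<=" pair to also match anything rated above High.
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", HIGH_MIN, "<=", HIGH_MAX]}]},
    }

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "=": operator.eq}

def _match_one(cond, value):
    if isinstance(cond, dict) and "numeric" in cond:
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False
        n = cond["numeric"]
        return all(_OPS[n[i]](value, n[i + 1]) for i in range(0, len(n), 2))
    return cond == value

def matches(pattern, event):
    """Local check covering only the pattern features used above."""
    for key, cond in pattern.items():
        if key not in event:
            return False
        if isinstance(cond, dict):
            if not isinstance(event[key], dict) or not matches(cond, event[key]):
                return False
        elif not any(_match_one(c, event[key]) for c in cond):
            return False
    return True

def deploy(topic_arn, region):
    """Create the rule; run with delegated administrator account credentials."""
    import boto3  # imported here so the local check runs without the SDK
    events = boto3.client("events", region_name=region)
    events.put_rule(Name=RULE_NAME, State="ENABLED",
                    EventPattern=json.dumps(high_severity_pattern()))
    events.put_targets(Rule=RULE_NAME, Targets=[{"Id": "secops-sns", "Arn": topic_arn}])

def sample_event(severity, account_id="111122223333"):
    """Constructed finding event with only the fields the pattern reads."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "accountId": account_id}}
```

The SNS topic's access policy must allow `events.amazonaws.com` to publish, otherwise the rule matches but no email is sent. GuardDuty and EventBridge are regional, so the rule and topic are needed in each Region where GuardDuty is enabled.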