ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 90 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 90
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  • A. Turn on VPC Flow Logs for all VPCs in the account.
  • B. Activate Amazon GuardDuty across all AWS Regions.
  • C. Activate Amazon Detective across all AWS Regions.
  • D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
  • E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by oioi at Nov. 23, 2023, 9:35 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AgboolaKun
Highly Voted 1 year, 6 months ago
Selected Answer: BD
BD are the correct options here. The keywords here are "developing an incident response plan to detect suspicious activity". There is no better way to develop incident response plan without providing a way for the relevant stakeholders to take actions or respond to suspicious activities. B is an obvious option because GuardDuty can monitor and analyze API calls across all AWS Regions, and network activities found in Amazon CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. Therefore, option A is not needed since GuardDuty monitoring activities include the VPC Flow Logs. There is no better way to respond to the findings generated by GuardDuty than the services described in option D.
upvoted 9 times
61cfe5f
10 months, 3 weeks ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_vpc "When you enable GuardDuty, it immediately starts analyzing your VPC flow logs from Amazon EC2 instances within your account. It consumes VPC flow log events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs. This process does not affect any of your existing flow logs configuration."
upvoted 2 times
IPLogic
6 months, 2 weeks ago
So you have turn on the VPC Flow Logs. its A.
upvoted 1 times
TareDHakim
5 months, 3 weeks ago
No you don't need to enable it for Guard Duty will stream those regardless if you enable it or not.
upvoted 1 times
...
...
...
Aamee
1 year, 6 months ago
Ok, but why the Detective svc. wasn't a good choice here as it's for developing an incident response plan to 'detect' right?... Agree with option D on the other hand cuz it makes sense..
upvoted 1 times
...
...
navid1365
Highly Voted 1 year, 1 month ago
Selected Answer: AB
A and B are correct for sure. The question does not mention anything about "notifications" or "communications", so D is incorrect. A is correct because the question mentions visibility and detection. You get visibility into network traffic with VPC flow logs. B is correct because because we need to "detection" threats. GaurdDuty is a threat detection capability.
upvoted 5 times
...
Scunningham99
Most Recent 2 weeks, 4 days ago
Selected Answer: BD
B. Activate Amazon GuardDuty across all AWS Regions D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic. Here's why: Amazon GuardDuty (Option B): Provides continuous security monitoring with minimal operational overhead Uses machine learning to detect threats and suspicious activities Can be enabled across all regions from a single management account Has a pay-as-you-go pricing model with no upfront costs Automatically analyzes various AWS logs (VPC Flow Logs, CloudTrail, DNS logs) without having to explicitly enable them EventBridge rule with SNS (Option D): Provides a serverless way to route GuardDuty findings SNS is very cost-effective for notification delivery Allows flexible integration with multiple notification endpoints Can easily scale across regions
upvoted 1 times
...
bd38daf
1 month, 2 weeks ago
Selected Answer: AB
VPC Flow Logs need to be enabled first in order for them to be analyzed by GuardDuty.
upvoted 1 times
...
GDuque
5 months, 1 week ago
Selected Answer: AB
Using SNS + Evenbridge does not seem the most analytical and proper way to do it. It does not contribute to detect threats by itself. I think Guarduty + VPC flows is much more cost effective and straitghtforward solution. And with VPC flows you must only pay for data storage.
upvoted 1 times
...
TareDHakim
5 months, 3 weeks ago
Selected Answer: BD
You don't need to enable VPC flow logs for Amazon GuardDuty because GuardDuty already pulls data from VPC Flow Logs. GuardDuty is a threat detection service that monitors for malicious activity in AWS accounts and workloads. It integrates with other AWS security services, including: Amazon CloudTrail, Amazon VPC flow Logs, and AWS WAF.
upvoted 1 times
TareDHakim
5 months, 3 weeks ago
https://aws.amazon.com/guardduty/faqs/#:~:text=No%2C%20GuardDuty%20pulls%20independent%20data%20streams%20directly%20from%20CloudTrail
upvoted 1 times
...
...
IPLogic
6 months, 2 weeks ago
Selected Answer: AB
The most cost-effective combination of steps to meet these requirements. A. Turn on VPC Flow Logs for all VPCs in the account. B. Activate Amazon GuardDuty across all AWS Regions. VPC Flow Logs provides detailed visibility into network traffic with your VPs. This is a cost effective way to monitor and log network activity, which is important for detecting suspicious behaviour. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious activity and unauthorized behaviour. Activating across all AWS regions ensures comprehensive coverage and visibility into potential security threats.
upvoted 1 times
...
minTwin
1 year, 1 month ago
Selected Answer: BD
B and D seems like the most straightforward and cost effective solution
upvoted 1 times
...
lightrod
1 year, 4 months ago
Selected Answer: BD
GuardDuty analyzes VPC flow logs regardless of if you have turned them on or not
upvoted 3 times
...
rahav
1 year, 5 months ago
Selected Answer: BD
VPC Flow logs are very expensive.... Guardduty is the right tool to do that with eventbridge
upvoted 1 times
...
WeepingMaplte
1 year, 6 months ago
Selected Answer: BD
A. Turn on VPC Flow Logs for all VPCs in the account: While VPC Flow Logs offer detailed information about network traffic, analyzing and storing logs for all VPCs across Regions can incur significant storage and processing costs. C. Activate Amazon Detective across all AWS Regions: Detective focuses on root cause analysis and investigation, which might be overkill for initial detection and notification. Additionally, its per-hour billing model can quickly become expensive for continuous monitoring across multiple Regions. E. Create an AWS Lambda function for publishing findings to SES: While Lambda offers flexibility, creating and maintaining a custom Lambda function specifically for publishing findings can add development and operational overhead compared to the readily available options with EventBridge and SNS.
upvoted 1 times
...
Aamee
1 year, 6 months ago
Selected Answer: AB
AB options best suited. Self-explantory too.
upvoted 1 times
...
[Removed]
1 year, 6 months ago
Selected Answer: AB
AB are correcto
upvoted 1 times
...
oioi
1 year, 6 months ago
Selected Answer: AB
correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel