ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 304 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 304
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company runs a web application on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The EC2 instances are in the same VPC subnet as other workloads.

A security engineer deploys an Amazon GuardDuty detector in the same AWS Region as the EC2 instances. The security engineer also sets up an AWS Security Hub integration with GuardDuty.

The security engineer needs to implement an automated solution to detect and appropriately respond to anomalous traffic patterns for the web application. The solution must comply with AWS best practices for initial response to security incidents and must minimize disruption to the web application.

Which solution will meet these requirements?

  • A. Create an Amazon EventBridge rule that detects the Behavior:EC2/TrafficVolumeUnusual GuardDuty finding. Configure the rule to invoke an AWS Lambda function to disable the EC2 instance profile access keys.
  • B. Create an Amazon EventBridge rule that invokes an AWS Lambda function when GuardDuty detects anomalous traffic. Program the Lambda function to disassociate the identified instance from the Auto Scaling group and to isolate the instance by using a new restricted security group.
  • C. Create a Security Hub automated response that updates the network ACL that is associated with the subnet of the EC2 instances. Configure the response to update the network ACL to deny traffic from the source of detected anomalous traffic.
  • D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security engineer’s email address to the SNS topic. Configure GuardDuty to send all findings to the SNS topic.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Seidor_Analytics at July 31, 2025, 4:23 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
unknownXXX
1 week, 5 days ago
Selected Answer: B
THE ANSWER IS B! A: disabling instance profile access keys doesn't address network-based anomalous traffic C: This could disrupt legitimate traffic to other workloads in the same subnet D: This is only alerting, not an automated response
upvoted 1 times
...
Seidor_Analytics
2 weeks, 6 days ago
Selected Answer: C
90% sure it's C. The scenario points directly to it.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel