Exam ANS-C00 topic 1 question 22 discussion

Its D, question says as soon as possible , you can't setup transit vpc soon

There is no requirement to setup an IDS, ''A business is using a near real-time intrusion detection system (IDS) solution in response to growing cybersecurity concerns'- They have it in place. Looking for a solution to gather the logs and move to a location for further analyze. So should be B

Correct Answer D

The correct answer is A: Guard Duty is not IDS/IPS. For IPS and IDS you need a third party EC2 based solution.

D - an AWS blog post calls it an IDS https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/

GuardDuty is Correct

D. What is Amazon GuardDuty? PDF Kindle RSS Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following Data sources: VPC Flow Logs, AWS CloudTrail management event logs, Cloudtrail S3 data event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IP addresses, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a Region that has never been used, or unusual API calls, like a password policy change to reduce password strength.

AWS has got an audit done for Guardduty lately which qualifies it to be an effective IDS . https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/ So i think we should go with D

A is the correct answer no doubt . No other AWS service provides deep inspection (IDS)

Answer is D - GuardDuty is a cloud-centric IDS service that uses Amazon Web Services (AWS) data sources to detect a broad range of threat behaviors. Refer the link https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/#:~:text=GuardDuty%20is%20a%20cloud%2Dcentric,solutions%20for%20network%20threat%20detection.

A: is the answer. AWS does not offer service for deep packet inspections. IDS solutions in AWS Marketplace can be combined with various AWS services such as Amazon CloudWatch, a monitoring service for resources and applications you run on AWS. Additional services like Amazon Inspector, an automated security assessment service, can also be complemented by offerings in AWS Marketplace. https://aws.amazon.com/mp/scenarios/security/ids/

I would go for D "The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs. With a few clicks in the AWS Management Console, GuardDuty can be enabled with no software or hardware to deploy or maintain. By integrating with Amazon CloudWatch Events, GuardDuty alerts are actionable, easy to aggregate across multiple accounts, and straightforward to push into existing event management and workflow systems"

Guard duty is AWS managed threat detection service so the answer is D

I think the correct answer is A: Guard Duty is intelligent detection and threat but not IDS/IPS...for IPS and IDS you need a third party solution https://aws.amazon.com/it/mp/scenarios/security/ids/

Couldn't find clear statement(Aws doc, public writings) that GuardDuty replaces an IDS tool, but provides 'some functionality' of an IDS therefore not confident with D. However, would go for D because of all reqs in question: asap delivery, near real time IDS, multiaccount support. Still have not good feeling about it and if it's just a question trap.

Guard duty is equivalent of IPS IDS devices.

A. Third Party