Exam AWS Certified Security - Specialty topic 1 question 65 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 65
Topic #: 1

An organization wants to be alerted when an unauthorized Amazon EC2 instance in its VPC performs a network port scan against other instances in the VPC.
When the Security team performs its own internal tests in a separate account by using pre-approved third-party scanners from the AWS Marketplace, the Security team also then receives multiple Amazon GuardDuty events from Amazon CloudWatch alerting on its test activities.
How can the Security team suppress alerts about authorized security tests while still receiving alerts about the unauthorized activity?

  • A. Use a filter in AWS CloudTrail to exclude the IP addresses of the Security team's EC2 instances.
  • B. Add the Elastic IP addresses of the Security team's EC2 instances to a trusted IP list in Amazon GuardDuty.
  • C. Install the Amazon Inspector agent on the EC2 instances that the Security team uses.
  • D. Grant the Security team's EC2 instances a role with permissions to call Amazon GuardDuty API operations.
Suggested Answer: B

Comments

polo
Highly Voted 3 years, 8 months ago
I am pretty sure it's B because you can add Trusted IP in GuardDuty: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload_lists.html
upvoted 36 times
...
AnNguyen
Highly Voted 3 years, 7 months ago
Answer is B. Trusted IP lists consist of IP addresses that you have whitelisted for secure communication with your AWS infrastructure and applications. GuardDuty does not generate findings for IP addresses on trusted IP lists. At any given time, you can have only one uploaded trusted IP list per AWS account per region. Threat lists consist of known malicious IP addresses. GuardDuty generates findings based on threat lists. At any given time, you can have up to six uploaded threat lists per AWS account per region. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload_lists.html Thanks, polo.
upvoted 19 times
...
Nuha_23
Most Recent 1 year, 9 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
addy_prepare
1 year, 9 months ago
B https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html
upvoted 1 times
...
matrpro
2 years ago
Selected Answer: B
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html
upvoted 1 times
...
awsexamer2023
2 years, 2 months ago
Selected Answer: B
AWS Inspector has two types, neither of them involving a 3rd-party scanner
upvoted 1 times
...
Suhasj02
2 years, 3 months ago
Selected Answer: B
B because you can add Trusted IP in GuardDuty
upvoted 1 times
...
Abeis
2 years, 4 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
Dara2315
2 years, 4 months ago
Selected Answer: B
Simply B
upvoted 1 times
...
[Removed]
2 years, 6 months ago
Selected Answer: B
It's definitely B
upvoted 1 times
...
lotfi50
2 years, 11 months ago
Selected Answer: B
B is my answer.
upvoted 1 times
...
NSF2
3 years, 6 months ago
So... it's B that seems to be more plausible, although "Elastic IP" puts me off a bit. However, there is no other answer as close to this. https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-trusted-ip-list/
upvoted 2 times
...
hk436
3 years, 6 months ago
B is my answer.
upvoted 2 times
...
EA_Practice
3 years, 6 months ago
While B is, indeed, plausible, here is a concern: "add the Elastic IP addresses to a trusted IP list in GuardDuty". Using docs.aws.amazon.com/guardduty/latest/ug/findings_suppression-rule.html as guidance, getting: "Recon:EC2/Portscan – Use a suppression rule to automatically archive findings when using a vulnerability assessment application. The suppression rule should consist of two filter criteria. The first criteria should use the Finding type attribute with a value of Recon:EC2/Portscan. The second filter criteria should match the instance or instances that host these vulnerability assessment tools. You can use either the Instance image ID attribute or the Tag value attribute". Nothing about Elastic IPs. Instead, use Tags or AMI ARNs. Any thoughts?
upvoted 1 times
EA_Practice
3 years, 6 months ago
... besides, the stem does NOT stipulate existence of the Elastic IPs, making B suspicious.
upvoted 1 times
...
scuzzy2010
3 years, 6 months ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html ?
upvoted 1 times
...
...
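The two-criteria suppression rule quoted in the comment thread above, written out as an added example (not part of the original discussion or AWS's own code): it builds the filter criteria for `Recon:EC2/Portscan` plus the scanner's image ID and checks them locally against constructed findings. The AMI ID, instance IDs and the local matcher are assumptions made for illustration; the matcher only approximates GuardDuty's AND-across-attributes, OR-across-values behaviour.

```python
# Criteria in the shape GuardDuty's CreateFilter API takes; with Action="ARCHIVE"
# the filter is a suppression rule. The AMI ID is a constructed placeholder.
SCANNER_AMI = "ami-0123456789abcdef0"
FINDING_CRITERIA = {"Criterion": {
    "type": {"Equals": ["Recon:EC2/Portscan"]},
    "resource.instanceDetails.imageId": {"Equals": [SCANNER_AMI]},
}}
# Deployment call (not run here; detector ID and rule name are yours to supply):
#   boto3.client("guardduty").create_filter(DetectorId=..., Name=...,
#       Action="ARCHIVE", FindingCriteria=FINDING_CRITERIA)


def lookup(finding, dotted_path):
    """Resolve e.g. 'resource.instanceDetails.imageId' in a finding dict,
    matching keys case-insensitively (findings use 'Resource', 'Type', ...)."""
    node = finding
    for part in dotted_path.split("."):
        if not isinstance(node, dict):
            return None
        node = next((v for k, v in node.items() if k.lower() == part.lower()), None)
    return node


def is_suppressed(finding, criteria=FINDING_CRITERIA):
    """Hypothetical local matcher: all attributes must match, any listed value."""
    return all(lookup(finding, attr) in cond["Equals"]
               for attr, cond in criteria["Criterion"].items())


def make_finding(ftype, instance_id, image_id):
    """Build a simplified finding with only the fields the rule inspects."""
    return {"Type": ftype, "Resource": {"InstanceDetails": {
        "InstanceId": instance_id, "ImageId": image_id}}}


# Constructed sample findings: approved scanner, unknown instance, and the
# scanner instance raising a different finding type.
SAMPLE_FINDINGS = [
    make_finding("Recon:EC2/Portscan", "i-scanner01", SCANNER_AMI),
    make_finding("Recon:EC2/Portscan", "i-rogue0001", "ami-0fedcba9876543210"),
    make_finding("UnauthorizedAccess:EC2/SSHBruteForce", "i-scanner01", SCANNER_AMI),
]


def triage(findings):
    """Return (archived, alerting) lists of instance IDs."""
    archived, alerting = [], []
    for f in findings:
        iid = lookup(f, "resource.instanceDetails.instanceId")
        (archived if is_suppressed(f) else alerting).append(iid)
    return archived, alerting


if __name__ == "__main__":
    print(triage(SAMPLE_FINDINGS))
```

Because the rule is scoped to one finding type and one image, the scanner host still alerts on any other finding type, and port scans from any other image are not archived.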
sanjaym
3 years, 6 months ago
Ans: B 100%
upvoted 1 times
...
Tolaji
3 years, 6 months ago
B is correct
upvoted 1 times
...
durmusc
3 years, 6 months ago
Answer B. AWS Inspector is not used for IP filtering. GuardDuty does it.
upvoted 1 times
...