Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 354 discussion

1) Macie : Checks data patterns in S3 ( using AI ) like PII or other sensitive information 2) Inspector : Checks what happens when you actually get an attack. ( this is useful for Assessment ) ; Pro-active 3) GuardDuty : Analyzes the actual events that happened in the AWS that it is running. ( Reactive ) 4) EventBridge : AWS Serverless Service that helps to build event-driven applications

C. Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications

ccccccccccccc

C is the right one

CCCCCCCCCCCC

Vote C

Answer is C

C: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Option "B" is the best response to this scenario. Explanation: AWS Guard Duty is an automated threat-detection service that can be quickly enabled, does not require agents to be installed, and monitors unusual account usage using sources like AWS CloudTrail logs, DNS logs, and other sources. Keyword is "automate"

Why not D?

Answer is C-Inspector. ====== Guard Duty: Aim is to analyze logs: -CloudTrail Logs: unusual API calls, unauthorized deployments -VPC Flow Logs: unusual internal traffic, unusual IP address -DNS Logs: compromised EC2 instances sending encoded data within DNS queries Can protect against CryptoCurrency attacks (has a dedicated “finding” for it). It uses Machine Learning. ========= Macie helps identify and alert you to sensitive data, such as personally identifiable information (PII). Applies only for S3. ========= Inspector is specific to EC2. -Provides Automated Security Assessments for EC2 instances. -Requires agent installation on EC2 for Host(vulnerability assessment/best practices) OR can do NW Assessment for EC2 without installing agent

Answer is C. https://aws.amazon.com/inspector/

https://aws.amazon.com/inspector/: "Amazon Inspector security assessments help you check for unintended network accessibility of your Amazon EC2 instances and for vulnerabilities on those EC2 instances. Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for access to your EC2 instances from the internet, remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers." C for correct

Yes, C - Inspector - STREAMLINE SECURITY COMPLIANCE It gives security teams and auditors visibility into the security testing that is being performed during development of applications on AWS. This streamlines the process of validating and demonstrating that security and compliance standards and best practices are being followed throughout the development process.

C is sure.