An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company's AWS accounts. Which AWS service can the administrator use to protect the company against attacks?
B. What is Amazon GuardDuty?
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IP addresses or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a Region that has never been used, or unusual API calls, like a password policy change to reduce password strength.
A. Amazon Cognito is a user identity and data synchronization service that helps securely manage and synchronize app data for any size user base across multiple devices. It is not specifically designed to protect against cryptocurrency-related attacks.
B. Amazon GuardDuty is a threat detection service that uses machine learning and behavioral analysis to identify and prioritize potential security threats to AWS accounts and workloads. It can be used to detect and prevent cryptocurrency-related attacks by identifying suspicious activities and alerting administrators.
C. Amazon Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses applications for vulnerabilities or deviations from best practices, but it is not specifically designed to protect against cryptocurrency-related attacks.
Ans-B
Amazon GuardDuty generates findings that indicate potential security issues.
* Detect
GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a Region that has never been used, or unusual API calls, like a password policy change to reduce password strength.
* Remediating security issues discovered by GuardDuty
Remediating a compromised EC2 instance
Remediating a compromised S3 Bucket
Remediating compromised AWS credentials
Remediating Kubernetes security issues discovered by GuardDuty
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_remediate.html
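The comments above describe what GuardDuty detects (cryptocurrency finding types such as `CryptoCurrency:EC2/BitcoinTool.B!DNS`) and link to the remediation steps for a compromised instance. The following is an added example, not code from the page or from AWS: it triages GuardDuty findings as they arrive through EventBridge and builds a remediation plan for crypto-mining findings, isolating the affected instance behind a quarantine security group. The event layout (`detail-type` of `GuardDuty Finding`, `detail.type`, `detail.severity`, `detail.resource.instanceDetails.instanceId`) follows GuardDuty's documented finding format, but the sample events, the severity threshold and the quarantine security group id are constructed assumptions.

```python
"""Triage GuardDuty findings from EventBridge and plan remediation.

Added example (not AWS's or the page's own code). The sample events below
are constructed; QUARANTINE_SG and MIN_SEVERITY are assumptions.
"""
from typing import Any

# GuardDuty names mining-related findings with this prefix,
# e.g. CryptoCurrency:EC2/BitcoinTool.B and CryptoCurrency:EC2/BitcoinTool.B!DNS.
CRYPTO_PREFIX = "CryptoCurrency:"

# GuardDuty severity bands: 1-3.9 low, 4-6.9 medium, 7-8.9 high, 9+ critical.
# Assumed policy: auto-isolate at medium and above, ticket below that.
MIN_SEVERITY = 4.0

# Assumed: a pre-created security group with no inbound/outbound rules.
QUARANTINE_SG = "sg-0quarantine00000000"

# Constructed sample events in the EventBridge "GuardDuty Finding" shape.
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {   # crypto-mining DNS lookup from an instance: should be isolated
        "detail-type": "GuardDuty Finding",
        "region": "us-east-1",
        "detail": {
            "id": "finding-0001",
            "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
            "severity": 8.0,
            "resource": {
                "resourceType": "Instance",
                "instanceDetails": {"instanceId": "i-0abc123def4567890"},
            },
            "service": {"action": {"actionType": "DNS_REQUEST"}},
        },
    },
    {   # port probe: real finding, but not crypto-related
        "detail-type": "GuardDuty Finding",
        "region": "us-east-1",
        "detail": {
            "id": "finding-0002",
            "type": "Recon:EC2/PortProbeUnprotectedPort",
            "severity": 2.0,
            "resource": {
                "resourceType": "Instance",
                "instanceDetails": {"instanceId": "i-0fedcba9876543210"},
            },
        },
    },
    {   # unrelated EventBridge event: must be ignored, not crash
        "detail-type": "EC2 Instance State-change Notification",
        "detail": {"instance-id": "i-0000000000000001", "state": "running"},
    },
]


def is_crypto_finding(detail: dict[str, Any]) -> bool:
    """True for any finding type in GuardDuty's CryptoCurrency family."""
    return str(detail.get("type", "")).startswith(CRYPTO_PREFIX)


def plan_remediation(event: dict[str, Any]) -> dict[str, Any]:
    """Return a remediation plan for one EventBridge event.

    Only plans; a real handler would apply an isolate_instance plan with
    ec2.modify_instance_attribute(InstanceId=..., Groups=[QUARANTINE_SG])
    after snapshotting the instance for forensics.
    """
    if event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignore", "reason": "not a GuardDuty finding"}

    detail = event.get("detail", {})
    finding_type = detail.get("type", "unknown")
    if not is_crypto_finding(detail):
        return {"action": "ignore", "reason": f"not crypto-related: {finding_type}"}

    severity = float(detail.get("severity", 0.0))
    resource = detail.get("resource", {})
    if severity < MIN_SEVERITY:
        return {"action": "ticket", "finding_id": detail.get("id"), "severity": severity}

    if resource.get("resourceType") == "Instance":
        instance_id = resource["instanceDetails"]["instanceId"]
        return {
            "action": "isolate_instance",
            "finding_id": detail.get("id"),
            "instance_id": instance_id,
            "region": event.get("region"),
            "groups": [QUARANTINE_SG],
        }

    # Crypto findings on other resource types go to a human.
    return {"action": "escalate", "reason": f"unhandled resource type: {resource.get('resourceType')}"}


def triage(events: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Plan remediation for a batch of events, preserving order."""
    return [plan_remediation(e) for e in events]


if __name__ == "__main__":
    for plan in triage(SAMPLE_EVENTS):
        print(plan)
```

Keying on the `CryptoCurrency:` finding-type prefix rather than on a single finding name keeps the handler working for both the DNS and the non-DNS variants of the mining findings; the severity gate avoids auto-isolating on low-confidence findings, which is the trade-off a practitioner would want to tune.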
GuardDuty: to analyze logs - analyzes CloudTrail, VPC Flow, and DNS logs - no need to install any software since it only analyzes logs - can protect against cryptocurrency attacks
B. GuardDuty
NOTES:
Shield:
1. Shield Standard is enabled by default / no need to enable
2. Shield Standard is L3/L4 only
eg. SYN/UDP floods, reflection attacks, etc.
3. Shield Advanced includes L7 as well
4. Shield Advanced gives DDoS protection, NOT Shield Standard!!!
5. Shield Advanced includes WAF bundled with it
6. Shield Advanced gives access to a dedicated DRT (DDoS Response Team)
7. Shield Advanced gives protection against high fees during usage spikes due to DDoS
Inspector: for EC2
- provides security assessments on EC2 (known vulnerabilities)
- need to install software (agent) on EC2 (unless using just the 'network assessment' feature, which is agentless)
GuardDuty: to analyze logs
- analyzes CloudTrail, VPC Flow, and DNS logs
- no need to install any software since it is only analyzing logs
- can protect against cryptocurrency attacks <<<<<<<<<<
Macie: for S3
- discover and protect your sensitive data (eg. PII) in AWS
WAF: L7 protection
- deploy only on CloudFront, ALB, API GW
- contains Web ACL/rules
- can do rate-based rules (to count the number of events); this also helps in DDoS protection
- protects against common attacks like SQL injection and XSS (cross-site scripting), i.e. L7-based attacks
NOTE the difference between Inspector & GuardDuty
# Inspector is a proactive tool used for compliance or threat detection, whereas GuardDuty is a reactive tool that actively monitors threats as they happen.
Answer is B.
https://aws.amazon.com/guardduty/
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.