
Exam AWS Certified Security - Specialty topic 1 question 63 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 63
Topic #: 1

A security alert has been raised for an Amazon EC2 instance in a customer account that is exhibiting strange behavior. The Security Engineer must first isolate the EC2 instance and then use tools for further investigation.
What should the Security Engineer use to isolate and research this event? (Choose three.)

  • A. AWS CloudTrail
  • B. Amazon Athena
  • C. AWS Key Management Service (AWS KMS)
  • D. VPC Flow Logs
  • E. AWS Firewall Manager
  • F. Security groups
Suggested Answer: ADF

Comments

INASR
Highly Voted 3 years, 9 months ago
A, D, F are the correct answers; you isolate using security groups and investigate using VPC logs and CloudTrail.
upvoted 39 times
Osemk
Highly Voted 3 years, 9 months ago
ADF my answer
upvoted 11 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: ADF
ADF. To isolate and have services that provide information. Athena is a useful service, but not a source of information like CloudTrail and VPC Flow Logs. We need to know what external parties the instance has been in contact with (VPC Flow Logs), and what actions and API calls the instance issued (CloudTrail).
upvoted 1 times
Nuha_23
1 year, 10 months ago
Selected Answer: ADF
Isolate --> Security group
Research this event --> CloudTrail & VPC logs
However, CloudTrail determines who accesses your AWS account, whereas VPC Flow Logs determine who accesses your VMs.
upvoted 1 times
liuyomz
1 year, 11 months ago
Selected Answer: BDF
Why is CloudTrail used? Couldn't it be VPC Flow Logs + Athena for analysis? And the SG to isolate the instance.
upvoted 1 times
dcyberguy
2 years ago
A. CloudTrail for log analysis. B. Athena for search queries. F. Security groups for isolation.
upvoted 1 times
sandromechi
1 year, 12 months ago
You would be right if VPC Flow Logs wasn't in the list. You will want to check VPC Flow Logs to track EC2 traffic.
upvoted 1 times
Robert0
2 years, 1 month ago
Selected Answer: ADF
ADF makes the most sense
upvoted 1 times
matrpro
2 years, 2 months ago
Selected Answer: ADF
ADF are correct. If you are checking a recent issue you can check it directly from the console without using Athena. Here you can see how to proceed and which services are useful for forensics -> https://aws.plainenglish.io/basic-services-and-actions-for-forensic-investigation-in-aws-dbd04188bbe7
upvoted 1 times
zeeke
2 years, 4 months ago
Selected Answer: BDF
Question asked what should be used to analyze, which is Athena targeted to S3 bucket of VPC Flow Logs after isolating with security group. You can't analyze anything with CloudTrail, and if you did, it would be account API activity, not EC2 traffic.
upvoted 3 times
peddyua
2 years, 4 months ago
You may see events indicating that unauthorized users accessed the instance, or that its configuration was modified in a way that is not consistent with your organization's policies. By using CloudTrail to investigate EC2 instance behavior, you can gain valuable insights into your account activity and identify potential security issues. ADF
upvoted 1 times
Dara2315
2 years, 6 months ago
Selected Answer: ADF
CloudTrail and flow logs for analysis and SG for isolation.
upvoted 1 times
skillz2investor
2 years, 7 months ago
Selected Answer: ADF
Isolate with security groups and investigate using CloudTrail and Athena.
upvoted 1 times
janvandermerwer
2 years, 7 months ago
Selected Answer: ADF
A, D, F
1. Isolate instance = adjust security groups
2. Collect and check logs
-- VPC Flow Logs for network traffic
-- CloudTrail for other traffic, API calls etc.
Optional: Finally review data = CloudTrail should be fine by itself, but if you needed to collect a lot of log data, say over a week, then I'd recommend using Athena to query the data structure.
upvoted 2 times
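Offline triage of the two evidence sources the answers above settle on (VPC Flow Logs for the instance's network peers, CloudTrail for API calls made with its role credentials), as an added example that is not part of this thread or of any AWS tool. It assumes the default Flow Log record format and CloudTrail's JSON event shape; every account id, ENI, IP, role and instance id in it is constructed.

```python
"""Offline triage of the two evidence sources this thread settles on. Added example,
not from the exam or any AWS tool. Assumes the default VPC Flow Log record format
and CloudTrail's JSON event shape; every id, IP and ARN below is constructed."""
import ipaddress
import json
from collections import Counter
# Constructed Flow Log lines (default v2 fields: version account eni src dst
# srcport dstport proto packets bytes start end action log-status).
FLOW_LOG_SAMPLE = """\
2 123456789012 eni-0abc12345 10.0.1.25 198.51.100.7 49152 443 6 12 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc12345 10.0.1.25 203.0.113.9 49153 4444 6 40 90000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc12345 10.0.1.25 10.0.2.8 49154 22 6 5 500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc12345 192.0.2.44 10.0.1.25 55555 3389 6 1 60 1700000000 1700000060 REJECT OK
"""
# Constructed CloudTrail events; instance-profile sessions carry the instance id.
CLOUDTRAIL_SAMPLE = json.dumps({"Records": [
    {"eventName": "ListBuckets", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0123456789abcdef0"}},
    {"eventName": "GetCallerIdentity", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0123456789abcdef0"}},
    {"eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
]})

def external_peers(flow_log_text, instance_ip, vpc_cidr):
    """Bytes the instance sent to each peer outside the VPC over ACCEPTed flows:
    the 'which external parties did it talk to' question that Flow Logs answer."""
    vpc = ipaddress.ip_network(vpc_cidr)
    peers = Counter()
    for line in flow_log_text.splitlines():
        f = line.split()
        if len(f) < 14 or f[12] != "ACCEPT" or f[3] != instance_ip:
            continue  # skip rejected flows and flows not sent by the instance
        if ipaddress.ip_address(f[4]) not in vpc:
            peers[f[4]] += int(f[9])
    return dict(peers)

def instance_api_calls(cloudtrail_json, instance_id):
    """API calls made with the instance's role credentials: CloudTrail records the
    instance id as the assumed-role session name at the end of userIdentity.arn."""
    calls = []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if rec["userIdentity"].get("arn", "").endswith("/" + instance_id):
            calls.append((rec["eventName"], rec["sourceIPAddress"]))
    return calls

if __name__ == "__main__":
    print(external_peers(FLOW_LOG_SAMPLE, "10.0.1.25", "10.0.0.0/16"))
    print(instance_api_calls(CLOUDTRAIL_SAMPLE, "i-0123456789abcdef0"))
```

On real data the Flow Log lines come from the log group or S3 prefix of the isolated instance's ENI and the events from a CloudTrail export; the REJECT line and the in-VPC flow in the sample show what the filter deliberately drops.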
Mr__
2 years, 9 months ago
Selected Answer: ADF
A, D and F. You need flow logs to research this incident.
upvoted 2 times
Root_Access
2 years, 10 months ago
Selected Answer: ABF
A. AWS CloudTrail, B. Amazon Athena, F. Security groups. You use security groups to isolate, then query CloudTrail using Athena: Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attributes, such as source IP address or user. https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
upvoted 3 times
vbal
2 years, 10 months ago
BDF - https://medium.com/binbash-inc/network-monitoring-use-aws-athena-to-query-vpc-flow-logs-66a9dc7043bc
upvoted 1 times
Sickcnt
1 year, 12 months ago
Exactly BDF
upvoted 1 times
pymattew
3 years, 2 months ago
Selected Answer: ADF
ADF: A, D investigate; F isolate.
upvoted 3 times
sanjaym
3 years, 8 months ago
Ans: ADF 100%
upvoted 2 times