Exam AWS Certified Security - Specialty topic 1 question 82 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 82
Topic #: 1

A Security Engineer must design a system that can detect whether a file on an Amazon EC2 host has been modified. The system must then alert the Security Engineer of the modification.
What is the MOST efficient way to meet these requirements?

  • A. Install antivirus software and ensure that signatures are up-to-date. Configure Amazon CloudWatch alarms to send alerts for security events.
  • B. Install host-based IDS software to check for file integrity. Export the logs to Amazon CloudWatch Logs for monitoring and alerting.
  • C. Export system log files to Amazon S3. Parse the log files using an AWS Lambda function that will send alerts of any unauthorized system login attempts through Amazon SNS.
  • D. Use Amazon CloudWatch Logs to detect file system changes. If a change is detected, automatically terminate and recreate the instance from the most recent AMI. Use Amazon SNS to send notification of the event.
Suggested Answer: B
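
The file-integrity check that option B relies on, sketched as an added example (not part of the original question or of any commenter's post, and not a replacement for a real host-based IDS): it hashes a watched set of files, compares against a baseline, and appends JSON events to a log file. The file names, the `fim_` event names and `fim.log` are constructed for illustration, and a log shipper such as the CloudWatch agent is assumed to forward that file to CloudWatch Logs for alerting.

```python
import hashlib, json, os, stat, tempfile
from pathlib import Path

def file_state(path):
    """Return content hash and permission bits, or None if the file is absent."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(65536), b""):
                digest.update(block)
    except FileNotFoundError:
        return None
    return {"sha256": digest.hexdigest(), "mode": oct(mode)}

def snapshot(paths):
    return {p: file_state(p) for p in paths}

def compare(baseline, current):
    """Return one event per watched path whose state differs from the baseline."""
    events = []
    for path in sorted(baseline):
        old, new = baseline[path], current.get(path)
        if old == new:
            continue
        kind = "created" if old is None else "deleted" if new is None else "modified"
        changed = [k for k in old if old[k] != new[k]] if kind == "modified" else []
        events.append({"event": "fim_" + kind, "path": path, "changed": changed})
    return events

def append_events(events, log_path):
    """Append events as JSON lines (assumption: a log shipper forwards this file)."""
    with open(log_path, "a", encoding="utf-8") as log:
        for event in events:
            log.write(json.dumps(event, sort_keys=True) + "\n")

def demo():
    """Constructed scenario in a temp directory: one new file, one deletion, one edit."""
    with tempfile.TemporaryDirectory() as d:
        added, removed, edited = (os.path.join(d, n) for n in ("cron.extra", "hosts", "sshd_config"))
        Path(removed).write_text("127.0.0.1 localhost\n")
        Path(edited).write_text("PermitRootLogin no\n")
        baseline = snapshot([added, removed, edited])
        Path(added).write_text("# new file\n")
        os.remove(removed)
        Path(edited).write_text("PermitRootLogin yes\n")
        log_path = os.path.join(d, "fim.log")
        append_events(compare(baseline, snapshot(list(baseline))), log_path)
        return [json.loads(line) for line in Path(log_path).read_text().splitlines()]
```

A production tool would also keep the baseline somewhere the monitored host cannot rewrite it, since a baseline stored beside the watched files can be altered along with them.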

Comments

Daniel76
Highly Voted 3 years, 8 months ago
Change my answer to B. CloudWatch Log is not suitable to detect granular file system change. It will require system tools such as IDS or use an OS audit package to do so: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-monitor-file-system-changes/
upvoted 14 times
...
kiev
Highly Voted 3 years, 8 months ago
B for me as well. You need host-based to detect the file integrity and then CloudWatch to monitor and send alerts.
upvoted 7 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
Use HIDS.
upvoted 2 times
...
mamila
1 year, 10 months ago
Selected Answer: B
File integrity monitoring (FIM) is an important feature of host-based intrusion detection technologies.
upvoted 1 times
...
vavofa5697
2 years, 2 months ago
Selected Answer: B
B for me as well
upvoted 1 times
...
ITGURU51
2 years, 3 months ago
CloudWatch is used to track hardware and software metrics. B is the best answer to detect changes for file integrity.
upvoted 1 times
...
skillz2investor
2 years, 7 months ago
Selected Answer: B
B is the correct answer
upvoted 1 times
...
plpatankar
2 years, 10 months ago
Selected Answer: B
B. File integrity software is needed to detect file changes.
upvoted 1 times
...
Root_Access
2 years, 10 months ago
This is an old question, you can (and I'd say you should) track file changes with AWS Config: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-inventory.html
upvoted 3 times
...
MillarD
3 years, 5 months ago
Selected Answer: B
Only IDS based solution can detect file system changes.
upvoted 1 times
...
ChauPhan
3 years, 8 months ago
D is incorrect because CW logs can't detect file change (integrity). Only CloudTrail can do it. Also, there is no need to recreate EC2 like that :D. There is not any question talking about how to recover the file; even to recover a file, we don't need to recreate an instance.
upvoted 1 times
...
Kdosec
3 years, 8 months ago
Why is a stupid answer D? Detect a file change to terminate and re-create the instance? I don't think it is a good solution for change management, the best way is B.
upvoted 2 times
...
sanjaym
3 years, 8 months ago
Ans: B 100%
upvoted 2 times
EA_Practice
3 years, 8 months ago
hey, you again with a very helpful contribution.
upvoted 2 times
...
...
eskimolander
3 years, 8 months ago
B if it is a file in the host of EC2 and D if it is an image file (AMI) of EC2.
upvoted 3 times
...
Daniel76
3 years, 8 months ago
D - The most efficient way is to make use of AWS services: CloudWatch Log, configure metric and send notification by SNS. With SNS you can receive email alerts without having to log in to AWS to check CloudWatch Alarms. Third-party HIDS requires setup of EC2 and maintenance of instances, OS and s/w patches.
upvoted 1 times
...
Huy
3 years, 9 months ago
B is correct.
upvoted 1 times
ChinkSantana
3 years, 9 months ago
Host-based IDS is for intrusion detection and not file modification. D is the most correct option here.
upvoted 2 times
...
...
Edgecrusher77
3 years, 9 months ago
Why D??? B is correct.
upvoted 3 times
...