Exam AWS Certified Security - Specialty topic 1 question 314 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 314
Topic #: 1

A company deployed Amazon GuardDuty in the us-east-1 Region. The company wants all DNS logs that relate to the company's Amazon EC2 instances to be inspected.
What should a security engineer do to ensure that the EC2 instances are logged?

  • A. Use IPv6 addresses that are configured for hostnames.
  • B. Configure external DNS resolvers as internal resolvers that are visible only to AWS.
  • C. Use AWS DNS resolvers for all EC2 instances.
  • D. Configure a third-party DNS resolver with logging for all EC2 instances.
Suggested Answer: C

Comments

LearnMeSomeAWS
Highly Voted 3 years, 5 months ago
"If you use AWS DNS resolvers for your EC2 instances (the default setting), then GuardDuty can access and process your request and response DNS logs through the internal AWS DNS resolvers. If you are using a 3rd party DNS resolver, for example, OpenDNS or GoogleDNS, or if you set up your own DNS resolvers, then GuardDuty cannot access and process data from this data source." << therefore C.
upvoted 12 times
...
roger8978
Highly Voted 3 years, 5 months ago
C. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_dns
upvoted 6 times
...
awsec2
Most Recent 2 years, 5 months ago
D Option A is not correct because it suggests using IPv6 addresses that are configured for hostnames, which is not related to logging EC2 instances in GuardDuty. Option B is not correct because it suggests configuring external DNS resolvers as internal resolvers that are visible only to AWS, which does not address the requirement to log EC2 instances in GuardDuty. Option C is not correct because it suggests using AWS DNS resolvers for all EC2 instances, which does not provide the necessary logging for GuardDuty.
upvoted 1 times
awsec2
2 years, 5 months ago
Sorry, it's C
upvoted 1 times
...
...
sapien45
2 years, 9 months ago
Selected Answer: C
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html If you use AWS DNS resolvers for your Amazon EC2 instances (the default setting), then GuardDuty can access and process your request and response DNS logs through the internal AWS DNS resolvers. If you use another DNS resolver, such as OpenDNS or GoogleDNS, or if you set up your own DNS resolvers, then GuardDuty cannot access and process data from this data source.
upvoted 2 times
...
ritears41
2 years, 10 months ago
Selected Answer: C
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_dns
upvoted 1 times
...
HananS
3 years, 1 month ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_dns C is the answer
upvoted 1 times
...
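
An added example, not part of the original thread and not AWS tooling: a check over data shaped like the output of `aws ec2 describe-vpcs` and `aws ec2 describe-dhcp-options` that flags VPCs whose DHCP options set hands instances a resolver other than the Amazon-provided one, the condition under which the documentation quoted above says GuardDuty cannot process DNS logs. The VPC IDs, option-set IDs and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Fixed addresses of the Amazon-provided resolver (IPv4 link-local, and IPv6 on Nitro instances).
AWS_FIXED = {ipaddress.ip_address("169.254.169.253"), ipaddress.ip_address("fd00:ec2::253")}

def is_aws_resolver(server, vpc_cidr):
    """True if `server` is the Amazon-provided resolver for a VPC with primary CIDR `vpc_cidr`."""
    if server == "AmazonProvidedDNS":
        return True
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False  # unrecognised keyword or hostname: treat as non-AWS
    # The resolver is also reachable at the base of the primary VPC CIDR plus two.
    return ip in AWS_FIXED or ip == ipaddress.ip_network(vpc_cidr).network_address + 2

def audit(vpcs, dhcp_options):
    """Return {vpc_id: [non-AWS resolvers]} for VPCs whose DHCP options list other resolvers."""
    servers_by_opt = {}
    for opt in dhcp_options["DhcpOptions"]:
        for cfg in opt["DhcpConfigurations"]:
            if cfg["Key"] == "domain-name-servers":
                servers_by_opt[opt["DhcpOptionsId"]] = [v["Value"] for v in cfg["Values"]]
    findings = {}
    for vpc in vpcs["Vpcs"]:
        servers = servers_by_opt.get(vpc["DhcpOptionsId"], [])
        bad = [s for s in servers if not is_aws_resolver(s, vpc["CidrBlock"])]
        if bad:
            findings[vpc["VpcId"]] = bad
    return findings

def _opt(opt_id, *servers):
    # Helper that builds one DescribeDhcpOptions entry for the constructed sample below.
    values = [{"Value": s} for s in servers]
    return {"DhcpOptionsId": opt_id,
            "DhcpConfigurations": [{"Key": "domain-name-servers", "Values": values}]}

# Constructed sample data in the shape of the EC2 API responses.
VPCS = {"Vpcs": [
    {"VpcId": "vpc-0aaa", "CidrBlock": "10.0.0.0/16", "DhcpOptionsId": "dopt-0001"},
    {"VpcId": "vpc-0bbb", "CidrBlock": "10.1.0.0/16", "DhcpOptionsId": "dopt-0002"},
    {"VpcId": "vpc-0ccc", "CidrBlock": "172.31.0.0/16", "DhcpOptionsId": "dopt-0003"},
]}
DHCP = {"DhcpOptions": [
    _opt("dopt-0001", "AmazonProvidedDNS"),
    _opt("dopt-0002", "10.1.0.2", "8.8.8.8"),  # VPC+2 is fine, the public resolver is not
    _opt("dopt-0003", "10.50.0.10"),           # self-managed resolver
]}

if __name__ == "__main__":
    for vpc_id, servers in audit(VPCS, DHCP).items():
        print(f"{vpc_id}: DNS via {', '.join(servers)} is not visible to GuardDuty")
```

This covers only the resolver handed out by the VPC's DHCP options set; an instance whose operating system is configured with a different resolver needs a host-level check.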