A security engineer is analyzing Amazon GuardDuty findings. The security engineer observes an Impact value for ThreatPurpose in a GuardDuty finding. What does this value indicate?
A. An adversary has compromised an AWS resource so that the resource is capable of contacting its home command and control (C&C) server to receive further instructions for malicious activity.
B. GuardDuty is detecting activity or activity patterns that are different from the established baseline for a particular AWS resource.
C. GuardDuty is detecting activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy the company's systems and data.
D. GuardDuty is detecting activity or activity patterns that an adversary might use to expand its knowledge of the company's systems and internal networks.
Answer: C
Impact
This value indicates that GuardDuty has detected activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy your systems and data. This threat purpose is based on MITRE ATT&CK tactics.
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-format.html
Definition.
Impact
This value indicates that GuardDuty has detected activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy your systems and data.
C.
DefenseEvasion value indicates that GuardDuty has detected activity or activity patterns that an adversary may use to avoid detection while infiltrating your environment.
Discovery value indicates that GuardDuty has detected activity or activity patterns that an adversary may use to expand their knowledge of your systems and internal networks.
Exfiltration value indicates that GuardDuty has detected activity or activity patterns that an adversary may use when attempting to steal data from your network.
Impact value indicates that GuardDuty has detected activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy your systems and data.
C
The Impact value for ThreatPurpose in a GuardDuty finding indicates that GuardDuty is detecting activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy the company's systems and data. This value indicates that GuardDuty has identified a potential threat to the company's systems and data, and that further investigation may be needed to determine the nature and extent of the threat.
Impact
This value indicates that GuardDuty has detected activity or activity patterns that suggest that an adversary is attempting to manipulate, interrupt, or destroy your systems and data. This threat purpose is based on MITRE ATT&CK tactics.