exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam

Exam AWS Certified Security - Specialty topic 1 question 309 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 309
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company uses Amazon GuardDuty to detect threats and malicious activities in AWS accounts. The company has subscribed to a third-party threat intelligence list uploaded to an Amazon S3 bucket.
How should the security engineer efficiently use the threat list across all company AWS accounts?

  • A. Ensure the S3 bucket policy allows all company AWS accounts access to the threat list. Use an AWS Lambda function to automatically add the threat list to all company AWS accounts.
  • B. Ensure GuardDuty is in master-member configuration. Add the threat list to the master account referencing the S3 object that contains the threat list.
  • C. Ensure all accounts are part of the same organization in AWS Organizations. Add the threat list to any company account within AWS Organizations.
  • D. Ensure the threat list in the S3 bucket is publicly accessible. Use an Amazon CloudWatch Events event on GuardDuty findings to match IPs against the threat list.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
roger8978
Highly Voted 3 years, 6 months ago
B......IMO....https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/
upvoted 9 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
B is the correct answer. ACD do not say much really!
upvoted 1 times
...
awsec2
2 years, 6 months ago
C. By adding the threat list to any company account within AWS Organizations, the security engineer can ensure that the threat list is available to all accounts that are part of the organization. This will allow the security engineer to efficiently use the threat list across all company AWS accounts without having to manually add it to each account.
upvoted 1 times
...
dcasabona
2 years, 11 months ago
Selected Answer: B
Option B for me.
upvoted 1 times
...
sapien45
2 years, 11 months ago
Selected Answer: B
In multi-account environments, only users from GuardDuty administrator accounts can upload and manage trusted IP lists and threat lists. Trusted IP lists and threat lists that are uploaded by the administrator account are imposed on GuardDuty functionality in its member accounts. Customize findings within the GuardDuty network through the creation and management of suppression rules, trusted IP lists, and threat lists. Member accounts lose access to these features in a multiple-account environment.
upvoted 2 times
...
treeli
3 years, 1 month ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/
upvoted 1 times
...
Radhaghosh
3 years, 5 months ago
B. Ensure GuardDuty is in master-member configuration. Add the threat list to the master account referencing the S3 object that contains the threat list.
upvoted 3 times
...
leu_alves_sch
3 years, 5 months ago
Answer: B https://aws.amazon.com/blogs/security/how-to-automate-import-third-party-threat-intelligence-feeds-into-amazon-guardduty/
upvoted 4 times
...
argol
3 years, 6 months ago
Managing multiple accounts in Amazon GuardDuty To manage multiple accounts in Amazon GuardDuty, you must choose a single AWS account to be the administrator account for GuardDuty. You can then associate other AWS accounts with the administrator account as member accounts. There are two ways to associate accounts with a GuardDuty administrator account: either through an AWS Organizations organization that both accounts are members of, or by sending an invitation through GuardDuty. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_accounts.html "C" is the answer
upvoted 3 times
mmendozaf
3 years, 4 months ago
Based on your explanation, option B seems closest.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...