ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 412 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 412
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company has a single AWS account and uses an Amazon EC2 instance to test application code. The company recently discovered that the instance was compromised. The instance was serving up malware. The analysis of the instance showed that the instance was compromised 35 days ago.

A security engineer must implement a continuous monitoring solution that automatically notifies the company’s security team about compromised instances through an email distribution list for high severity findings. The security engineer must implement the solution as soon as possible.

Which combination of steps should the security engineer take to meet these requirements? (Choose three.)

  • A. Enable AWS Security Hub in the AWS account.
  • B. Enable Amazon GuardDuty in the AWS account.
  • C. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email distribution list to the topic.
  • D. Create an Amazon Simple Queue Service (Amazon SQS) queue. Subscribe the security team’s email distribution list to the queue.
  • E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for GuardDuty findings of high severity. Configure the rule to publish a message to the topic.
  • F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for Security Hub findings of high severity. Configure the rule to publish a message to the queue.
Show Suggested Answer Hide Answer
Suggested Answer: BCE 🗳️
by AdamWest at Nov. 23, 2022, 2:14 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kerar
Highly Voted 2 years, 7 months ago
Selected Answer: BCE
You can use CloudWatch Events with GuardDuty to set up automated finding alerts by sending GuardDuty finding events to a messaging hub to help increase the visibility of GuardDuty findings. This topic shows you how to send findings alerts to email, Slack, or Amazon Chime by setting up an SNS topic and then connecting that topic to an CloudWatch Events event rule. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html
upvoted 9 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: BCE
BCE are the correct answers. GuardDuty >> EventBridge >> SNS
upvoted 1 times
...
kejam
1 year, 7 months ago
Selected Answer: BCE
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-sns
upvoted 1 times
...
Toptip
2 years, 1 month ago
Selected Answer: BCE
BCE for me too
upvoted 1 times
...
AzureDP900
2 years, 4 months ago
BCE is right
upvoted 1 times
...
milofficial
2 years, 4 months ago
Selected Answer: BCE
easy one
upvoted 3 times
...
Leonardocp33
2 years, 6 months ago
Selected Answer: BCE
BCE, I try and it works.
upvoted 3 times
...
D2
2 years, 7 months ago
BCE - all connected
upvoted 1 times
...
AdamWest
2 years, 7 months ago
Selected Answer: BCE
BCE - Is correct.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel