ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 364 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 364
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company has a multi-account AWS environment with AWS Organizations enabled. The company has hundreds of workloads that are deployed across multiple AWS services. The company has enabled AWS Security Hub for all accounts within the organization and has designated a delegated administrator.

The company wants to implement a centralized solution to provide near-real-time response and automatic remediation for custom security detections throughout the organization.

Which solution will meet these requirements?

  • A. Create Security Hub custom actions in the organization's delegated administrator account. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to evaluate the configuration of the resource and send noncompliant resources to Security Hub. Send the findings to an EventBridge (CloudWatch Events) event to invoke a Lambda function to remediate the custom security detection. Send the Lambda function results to an Amazon Simple Notification Service (Amazon SNS) topic. Update the Security Hub finding.
  • B. Create Security Hub insights for findings in the organization's delegated administrator account. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to parse the resources within the insight and send noncompliant resources to Security Hub. Send the output to invoke subsequent Lambda functions to remediate the noncompliant resources. Send the Lambda function results to an Amazon Simple Notification Service (Amazon SNS) topic. Update the Security Hub finding.
  • C. Create Security Hub insights for findings in the organization's delegated administrator account and member accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to parse the resources within the insight and send noncompliant resources to Security Hub. Send the output to invoke subsequent Lambda functions to remediate the noncompliant resources. Send the Lambda function results to an Amazon Simple Notification Service (Amazon SNS) topic. Update the Security Hub finding.
  • D. Designate an AWS Config delegated administrator account for the organization. Create an AWS Config aggregator in this delegated administrator account and in all member accounts. Enable Security Hub integration with AWS Config. Create an AWS Config custom rule to check for noncompliant resources. Create an associated AWS Lambda function to take action on the noncompliant resources. Send the Lambda function results to a log group in Amazon CloudWatch Logs.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Shriraj32 at Nov. 23, 2022, 4:53 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
D2
Highly Voted 2 years, 6 months ago
Selected Answer: A
Answer A https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/
upvoted 10 times
due
2 years, 6 months ago
refer by the link, mention to AWS Security Hub Custom Actions. vote A
upvoted 1 times
...
...
Arad
Most Recent 1 year ago
Selected Answer: D
D is correct.
upvoted 1 times
...
AgboolaKun
1 year, 8 months ago
Selected Answer: A
The correct answer is A. Please refer to the link - https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html
upvoted 1 times
...
michele_scar
2 years ago
Selected Answer: A
Using custom action to send findings to Events
upvoted 2 times
...
Toptip
2 years, 1 month ago
Selected Answer: A
I think A is correct.. but i need to investigate more! Is this flow valid? Hub=>EventBridge=>Lambda=>Hub=>EventBrdige=>Lambda=>SNS i'm still not sure if it's possible to use the Security Hub "custom actions" so "evaluate" findings with Lambda then notify Security Hub again to trigger a EventBridge which trigger another Lambda function.. sounds weird right? D could be also correct even though i don't like it
upvoted 1 times
...
ITGURU51
2 years, 1 month ago
B and C are removed from the equation for the following reasons: Security Hub insights deliver generic detections, however the business requirement specifies the need to create a custom detection.
upvoted 2 times
...
ITGURU51
2 years, 1 month ago
Answer A provides near real time threat detection and response.
upvoted 1 times
...
nairj
2 years, 2 months ago
Answer is A : The difference between A and D is : A focusses on remediation of Security hub findings which is what the question has asked for, not validating compliance of resources based on AWS config rules. D is correct if the question asks about validating compliance of resources.
upvoted 2 times
...
c73bf38
2 years, 3 months ago
Selected Answer: A
Security Hub for centralized monitoring and response and automatic remediation.
upvoted 1 times
...
Artaggedon
2 years, 3 months ago
Selected Answer: A
My vote goes to A. Here's why: D is INCORRECT since you would only be able to detect changes in your AWS, but not other threats. B and C are INCORRECT since we are asked for CUSTOM, and both implement default findings or configuration. A is the one in my opinion.
upvoted 2 times
...
awsguru1998
2 years, 3 months ago
B A proposes creating Security Hub custom actions and using Amazon EventBridge (Amazon CloudWatch Events) rules to invoke AWS Lambda functions to evaluate the configuration of the resource and send noncompliant resources to Security Hub. However, it does not specify any remediation action to be taken, so it would require manual intervention to remediate the noncompliant resources. Therefore, option B is the better solution for providing near-real-time response and automatic remediation for custom security detections throughout the organization.
upvoted 1 times
...
selim507
2 years, 4 months ago
Selected Answer: D
The question requires "Custom Security Detection", so I go with D, AWS Config. You can create your own rules in config and get notified when it is not fulfilled any more and you can fix the issue with a lambda. Whereas in Security Hub you can only run some rules defined by AWS or some industry companies.
upvoted 2 times
...
Leonardocp33
2 years, 5 months ago
Selected Answer: A
A, near real time is more effective with CloudWatch Events.
upvoted 1 times
...
Balki
2 years, 6 months ago
Selected Answer: B
It is clearly B https://aws.amazon.com/blogs/security/use-security-hub-custom-actions-to-remediate-s3-resources-based-on-macie-discovery-results/
upvoted 2 times
...
Teknoklutz
2 years, 7 months ago
Selected Answer: D
i think D for AWS Config
upvoted 2 times
...
tainh
2 years, 7 months ago
Selected Answer: A
i think A https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/
upvoted 1 times
...
landsamboni
2 years, 7 months ago
Selected Answer: A
I think A is correct. https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-custom-actions.html
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel