Exam AWS Certified Security - Specialty topic 1 question 356 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 356
Topic #: 1

A company recently had a security audit in which the auditors identified multiple potential threats. These potential threats can cause usage pattern changes such as DNS access peak, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. The threats can come from different sources and can occur at any time. The company needs to implement a solution to continuously monitor its system and identify all these incoming threats in near-real time.

Which solution will meet these requirements?

  • A. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon CloudWatch Logs to manage these logs from a centralized account.
  • B. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon Macie to monitor these logs from a centralized account.
  • C. Enable Amazon GuardDuty from a centralized account. Use GuardDuty to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
  • D. Enable Amazon Inspector from a centralized account. Use Amazon Inspector to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.

Suggested Answer: C

Comments

tainh
Highly Voted 2 years, 6 months ago
Selected Answer: C
C

Q: Which data sources does GuardDuty analyze?

GuardDuty analyzes CloudTrail management event logs, CloudTrail S3 data event logs, VPC Flow Logs, DNS query logs, and Amazon EKS audit logs. GuardDuty can also scan EBS volume data for possible malware when GuardDuty Malware Protection is enabled and identifies suspicious behavior indicative of malicious software in EC2 instance or container workloads. The service is optimized to consume large data volumes for near real-time processing of security detections. GuardDuty gives you access to built-in detection techniques developed and optimized for the cloud, which are maintained and continuously improved upon by GuardDuty engineering.
upvoted 8 times
Wilson_S
2 years, 5 months ago
Spot on. Also, as referenced in the question “for near real-time processing of security detections.”
upvoted 1 times
Green53
Most Recent 1 year, 11 months ago
Selected Answer: C
You know we need DNS, VPC and CloudTrail logs. We need continuous near real-time monitoring.
  • A - Not real time
  • B - This isn't what Macie is used for
  • C - GuardDuty enables these resources by default, sounds good!
  • D - Inspector is for EC2 vulnerabilities, it won't process these logs.
upvoted 2 times
Toptip
2 years ago
Selected Answer: C
GuardDuty can analyze VPC/DNS/EKS/CloudTrail logs
upvoted 1 times
ITGURU51
2 years, 1 month ago
GuardDuty analyzes threats in near real time and is easy to configure. C
upvoted 1 times
jishrajesh
2 years, 5 months ago
selected C
upvoted 1 times
Subs2021
2 years, 5 months ago
C is the right answer
upvoted 1 times
D2
2 years, 6 months ago
Selected Answer: C
Answer C
upvoted 1 times
AdamWest
2 years, 6 months ago
Selected Answer: C
Agree - C
upvoted 1 times
Shriraj32
2 years, 6 months ago
Selected Answer: C
C from elimination.
upvoted 1 times