Exam AWS Certified Solutions Architect - Professional topic 1 question 970 discussion

A company uses Amazon EC2 instances to run business-critical applications. Software that is running on the EC2 instances recently caused Amazon GuardDuty to generate the PenTest:S3/KaliLinux finding for some of the company's environments. The company wants to prevent this software from running again. The company is using AWS Organizations to manage its AWS accounts.

What should a solutions architect do to meet these requirements?

  • A. Configure Amazon Inspector to check the EC2 instances for the forbidden software and to send an Amazon Simple Notification Service (Amazon SNS) notification when the software is identified. Create an AWS Lambda function that stops the EC2 instances and notifies the company. Subscribe the Lambda function to the SNS topic.
  • B. Create a centralized Amazon EventBridge (Amazon CloudWatch Events) bus to receive GuardDuty events from all accounts. Configure an EventBridge (CloudWatch Events) rule to invoke an AWS Lambda function when the GuardDuty event is generated. Configure the Lambda function to stop the EC2 instances and notify the company.
  • C. Configure an SCP to prevent the software from being installed. Apply the SCP to the root OU for the organization.
  • D. Create a library of approved EC2 AMIs. Create a catalog in AWS Service Catalog to deploy the AMIs for the organization. Update IAM policies to allow EC2 instances to be created only with Service Catalog AMIs.
Suggested Answer: B
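
The mechanism option B describes, as an added example that is not part of the original question or any comment: an EventBridge pattern for the finding plus a handler that stops the instance and notifies. The finding field layout (`resource.instanceDetails.instanceId`, and an instance-role `principalId` whose session name is the instance ID), the `handle` signature, the `Recorder` stand-in for boto3 clients, and the sample event are assumptions constructed for illustration.

```python
import re

# EventBridge rule pattern for the finding type named in the question.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["PenTest:S3/KaliLinux"]},
}
INSTANCE_ID = re.compile(r"^i-[0-9a-f]{8,17}$")

def instance_ids(finding):
    """Instance IDs a finding points at (assumed field layout)."""
    res = finding.get("resource", {})
    candidates = {
        res.get("instanceDetails", {}).get("instanceId", ""),
        # Instance-role credentials: session name after ':' is the instance ID.
        res.get("accessKeyDetails", {}).get("principalId", "").rpartition(":")[2],
    }
    return sorted(c for c in candidates if INSTANCE_ID.match(c))

def handle(event, ec2, sns, topic_arn):
    """Stop the instances behind a matching finding, then notify."""
    detail = event.get("detail", {})
    if (event.get("source") != "aws.guardduty"
            or detail.get("type") not in EVENT_PATTERN["detail"]["type"]):
        return {"action": "ignored", "instances": []}
    ids = instance_ids(detail)
    if ids:
        ec2.stop_instances(InstanceIds=ids)
    sns.publish(TopicArn=topic_arn, Subject="GuardDuty " + detail["type"],
                Message=f"finding={detail.get('id')} account={detail.get('accountId')} "
                        f"stopped={ids or 'none (manual triage needed)'}")
    return {"action": "stopped" if ids else "notify-only", "instances": ids}

class Recorder:
    """Stand-in for boto3 ec2/sns clients so the example runs offline."""
    def __init__(self): self.calls = []
    def stop_instances(self, **kw): self.calls.append(("stop", kw))
    def publish(self, **kw): self.calls.append(("publish", kw))

SAMPLE = {  # constructed event, not real GuardDuty output
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"id": "example-finding-id", "accountId": "111122223333",
               "type": "PenTest:S3/KaliLinux",
               "resource": {"resourceType": "AccessKey", "accessKeyDetails": {
                   "userType": "AssumedRole",
                   "principalId": "AROAEXAMPLEROLEID:i-0123456789abcdef0"}}},
}
```

With a centralized bus, the function would also need to assume a role in the finding's `accountId` before calling `stop_instances`; a finding with no resolvable instance falls through to notify-only.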

Comments

3a632a3
1 year, 6 months ago
Selected Answer: D
Kali Linux is an OS. They want to prevent the usage of Kali Linux. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-kalilinux
A - Inspector is for vulnerabilities of installed software.
B - this is possible but reactive, it can take 5 minutes for GuardDuty to send the EventBridge notification. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency
D - prevents unapproved AMIs = OS from being launched. My only concern is that it says IAM policies but should be SCP for orgs.
upvoted 1 times
...
rsn
1 year, 10 months ago
Selected Answer: D
Both A & B seem to be reactive and only stop the EC2 instance. D seems to be a permanent resolution. Any thoughts, anyone?
upvoted 3 times
vn_thanhtung
1 year, 10 months ago
I think B is better than D, because it prevents the development of the application
upvoted 1 times
vn_thanhtung
1 year, 10 months ago
because D prevents the development of the application
upvoted 1 times
...
...
...
Jesuisleon
2 years, 1 month ago
Selected Answer: B
B is right and A is wrong, please refer to https://docs.aws.amazon.com/inspector/latest/user/findings-managing-automating-responses.html. You need EventBridge between Inspector and SNS!
upvoted 3 times
...
dev112233xx
2 years, 2 months ago
Selected Answer: A
It's A: Q: What is the format of GuardDuty findings? GuardDuty findings come in a common JavaScript Object Notation (JSON) format, which is also used by Macie and Amazon Inspector. This makes it easier for customers and partners to consume security findings from all three services and incorporate them into broader event management, workflow, or security solutions. https://aws.amazon.com/guardduty/faqs/
upvoted 2 times
...
hobokabobo
2 years, 3 months ago
Selected Answer: B
It is B and not A, as we should intercept the security events already generated by GuardDuty (B) and not invent some custom stuff ignoring the events (A).
upvoted 2 times
...
zozza2023
2 years, 5 months ago
Selected Answer: A
A and B are possible for me. It seems that A is more clear about the software that we should forbid (B doesn't speak about it).
upvoted 1 times
...
sndychvn
2 years, 5 months ago
Selected Answer: B
B is definitely possible. Not sure of A
upvoted 2 times
...
ggrodskiy
2 years, 6 months ago
Correct B for me
upvoted 1 times
...
syaldram
2 years, 6 months ago
Selected Answer: B
I would go with B on this one. I was thinking D, but it will not prevent others from downloading Kali Linux in the EC2 instance after launch anyway.
upvoted 2 times
...
Kende
2 years, 6 months ago
Selected Answer: A
It's "A" for me.
upvoted 1 times
Kende
2 years, 6 months ago
or "B" :)
upvoted 1 times
...
...
masetromain
2 years, 7 months ago
The answer seems to be A or B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other