ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 56 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 56
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application.
The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware.
Which solution will meet this requirement with the LEAST operational effort?

  • A. Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs.
  • B. Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures.
  • C. Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection.
  • D. Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by zaazanuna at March 19, 2023, 4:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ITgeek
Highly Voted 2 years ago
Selected Answer: A
the emphasis is on the efforts to stand out a solution, that is where guarduty can help in identify
upvoted 10 times
...
zaazanuna
Highly Voted 2 years ago
A - correct. This solution involves using Amazon GuardDuty to monitor network traffic and analyze DNS requests and VPC flow logs for suspicious activity. This will allow the company to identify when an application is spreading malware by monitoring the network traffic patterns associated with the instance. GuardDuty is a fully managed threat detection service that continuously monitors for malicious activity and unauthorized behavior in your AWS accounts and workloads. It requires minimal setup and configuration and can be integrated with other AWS services for automated remediation. This solution requires the least operational effort compared to the other options
upvoted 10 times
...
AzureDP900
Most Recent 3 months, 2 weeks ago
Selected Answer: A
Amazon GuardDuty is a service that analyzes network traffic patterns and detects malicious activity in real-time. It can be configured to inspect DNS requests and VPC flow logs, which would provide the necessary visibility into applications running on EC2 instances. By using Amazon GuardDuty, the company can identify potential malware-related activity without having to implement additional infrastructure or configuration changes. This solution requires minimal operational effort as it leverages an existing AWS service.
upvoted 1 times
...
woorkim
5 months, 3 weeks ago
A B. AWS managed decoy systems (honeypots) are not the most appropriate or least effort solution for identifying malware spread from EC2 instances. C. Gateway Load Balancer with an IDS appliance from AWS Marketplace is a more complex setup, requiring manual configuration, management, and scaling. D. Amazon Inspector is primarily focused on vulnerability assessments rather than inspecting outgoing traffic for malware.
upvoted 2 times
...
Raphaello
1 year ago
Selected Answer: A
GuardDuty is AWS intelligent threat detection, which I think the answer to the ask in this scenario. However, option C (GWLB + IDS) is not entirely wrong, apart from "operational effort" part.
upvoted 2 times
...
patanjali
1 year, 1 month ago
Selected Answer: A
LEAST operational effort is only using GuardDuty. GWLB option is another way to do this too but that involve lots of operational overhead and lots of config/routing change.
upvoted 1 times
...
marfee
1 year, 2 months ago
I think that it's correct answer is A.
upvoted 1 times
...
JoseCC
1 year, 8 months ago
A - correct https://aws.amazon.com/blogs/aws/new-for-amazon-guardduty-malware-detection-for-amazon-ebs-volumes/
upvoted 1 times
...
Mishranihal737
1 year, 8 months ago
Yes correct answer is A
upvoted 1 times
...
silviahdz
1 year, 12 months ago
Selected Answer: A
A is the right choice as it requires less effort.
upvoted 2 times
...
dremm
2 years ago
Selected Answer: C
C is correct. Although GuardDuty can detect malware infected machines, it cannot prevent spreading. This options requires Malware Protection to be enabled on GuardDuty which is not mentioned in the answers. DNS queries and VPC flow logs will not help in detecting malware spread. C is the most logical answer here.
upvoted 2 times
that1guy
2 years ago
> "Although GuardDuty can detect malware infected machines, it cannot prevent spreading." This isn't an requirement from the question: "The company needs the ability to *identify* when an application that is deployed on an EC2 instance is spreading malware."
upvoted 5 times
dremm
2 years ago
You are right, switching to A)
upvoted 2 times
...
...
...
helloworldabc
2 years ago
AAAAAAAAAAAA
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago