A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Which AWS service will meet this requirement?
This question seems to go a little bit too far into the weeds for what this test is supposed to be. The AWS documentation specifically mentions Trusted Advisor in the article about unrestricted security groups, but Trusted Advisor isn't focused on security specifically like GuardDuty. However, GuardDuty doesn't focus on this issue specifically, either.
A. AWS Trusted Advisor: A service that provides best practices and recommendations for your AWS environment. It includes security checks, such as identifying security groups with unrestricted access.
B. Amazon CloudWatch: A monitoring service, and while it can provide insights into resource utilization and logs, it doesn't specifically focus on identifying misconfigured security groups.
C. Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts. GuardDuty doesn't specifically perform configuration checks for security groups with unrestricted access.
D. AWS Health Dashboard: Provides information about the status of AWS services. It doesn't typically perform detailed security configuration checks.
Very much agreed. A little too in-depth for what the purpose of the test is. But good knowledge to have if going for the security specialty certificate later on. Also, A is correct.
Based on ChatGPT:
C. Amazon GuardDuty
Amazon GuardDuty is an AWS service that is designed to monitor and detect potential security threats in your AWS environment. It helps to identify unusual and unauthorized activities, including misconfigured security groups that may be allowing unrestricted access to specific ports. GuardDuty uses machine learning and threat intelligence to analyze data and generate alerts, making it an effective tool for enhancing the security of your AWS infrastructure.
While options like AWS Trusted Advisor and Amazon CloudWatch offer valuable monitoring capabilities, they do not specifically focus on detecting security group misconfigurations. Therefore, in this scenario, Amazon GuardDuty is the most appropriate choice.
The correct answer is:
A. AWS Trusted Advisor
AWS Trusted Advisor provides real-time guidance to help provision your resources following AWS best practices. It includes a security check that identifies security groups with rules that allow unrestricted access (0.0.0.0/0) to specific ports, which could pose a security risk. This service helps you monitor and remediate misconfigured security groups.
Why not the others?
B. Amazon CloudWatch: CloudWatch is used for monitoring and observability, such as collecting logs, metrics, and setting alarms. It does not specifically identify misconfigured security groups.
C. Amazon GuardDuty: GuardDuty is a threat detection service that uses machine learning to identify malicious activity or unauthorized behavior. It does not focus on identifying misconfigured security groups.
D. AWS Health Dashboard: This service provides information about the health of AWS services and resources, but it does not monitor for misconfigured security groups.
The correct answer is C. Amazon GuardDuty.
Amazon GuardDuty is a threat detection service that monitors AWS accounts and resources for malicious activity. It can detect misconfigured security groups that allow unrestricted access to specific ports, among other security issues.
GuardDuty uses machine learning on various events and logs. If a misconfiguration is never abused, GuardDuty cannot detect it as no logs are generated.
I think GuardDuty is the correct answer, because in the question you can notice the word MONITOR, which points to the GuardDuty service, which is a monitoring service. Trusted Advisor just gives some recommendations; under the hood, Trusted Advisor works based on AWS specialist reviews, but does not use monitoring.
The AWS service that can monitor for misconfigured security groups allowing unrestricted access to specific ports is:
C. Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. One of the key features of GuardDuty is its ability to detect security misconfigurations, including misconfigured security groups that allow unrestricted access to specific ports.
NOT AWS Trusted Advisor because:
- While Trusted Advisor does provide recommendations for security best practices, it does not actively monitor for real-time security threats or misconfigurations like misconfigured security groups.
A. AWS Trusted Advisor
AWS Trusted Advisor includes a security check that examines security groups for unrestricted access to specific ports. It can identify security groups with overly permissive rules that may pose security risks, such as allowing unrestricted access to SSH (port 22) or RDP (port 3389) from any IP address. By regularly running this check, the company can identify and address any misconfigurations in their security groups to enhance their security posture.
A. AWS Trusted Advisor
AWS Trusted Advisor includes a security check called "Security Groups - Specific Ports Unrestricted" that analyzes your security groups and identifies any that have rules allowing unrestricted access to specific ports. It alerts you to these misconfigurations, enabling you to review and modify your security group rules to ensure appropriate access control.
A. AWS Trusted Advisor
AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices. It includes checks for security configurations, cost optimization, performance, and fault tolerance. Specifically, Trusted Advisor includes checks for security groups that have unrestricted access (e.g., security groups with inbound rules allowing access to all IP addresses) and can provide recommendations to remediate these issues.
Correct answer is A.
AWS Trusted Advisor: This service provides real-time guidance to help you provision your resources following AWS best practices. It includes checks for security groups that are allowing unrestricted access to specific ports, among other checks. Trusted Advisor can help you identify and resolve issues related to security groups and other AWS resources.
Amazon GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. It does not specifically focus on monitoring for misconfigured security groups.
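
The distinction the thread keeps returning to is configuration checking versus threat detection. As an added illustration (not part of any comment above, and not Trusted Advisor's own implementation), this sketch shows what a configuration check for unrestricted ports looks like when run over security group data. The sample data and group IDs are constructed, and the watched ports 22 and 3389 are the ones named in the thread.

```python
# Added example: flag security group rules open to the world on watched ports.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not real resources.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

def unrestricted_ports(describe_output, watched_ports):
    """Return (group_id, port, open_cidrs) for each watched port reachable from anywhere."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = sorted(OPEN_CIDRS.intersection(cidrs))
            if not open_cidrs:
                continue  # rule is scoped to specific sources
            proto = perm.get("IpProtocol")
            if proto == "-1":            # all protocols, all ports
                low, high = 0, 65535
            elif proto in ("tcp", "udp"):
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue  # ICMP etc.: FromPort/ToPort are not port numbers
            # A range rule (e.g. 3000-4000) exposes every watched port inside it.
            findings += [(sg["GroupId"], p, open_cidrs)
                         for p in sorted(watched_ports) if low <= p <= high]
    return findings

if __name__ == "__main__":
    for group_id, port, cidrs in unrestricted_ports(SAMPLE, {22, 3389}):
        print(f"{group_id}: port {port} open to {', '.join(cidrs)}")
```

The check works purely from the rule definitions, so it reports an exposed port whether or not anything has ever connected to it.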