Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 9 discussion

A company has an AWS account that hosts a production application. The company receives an email notification that Amazon GuardDuty has detected an Impact:IAMUser/AnomalousBehavior finding in the account. A security engineer needs to run the investigation playbook for this security incident and must collect and analyze the information without affecting the application.
Which solution will meet these requirements MOST quickly?

  • A. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • B. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use Amazon Detective to review the API calls in context.
  • C. Log in to the AWS account by using administrator credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • D. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use AWS CloudTrail Insights and AWS CloudTrail Lake to review the API calls in context.
Suggested Answer: B

Comments

pupsik
Highly Voted 1 year, 1 month ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/#:~:text=Start%20an%20investigation%20with%20Amazon%20Detective
upvoted 7 times
...
Davidng88
Most Recent 2 months, 4 weeks ago
Selected Answer: B
Read-only credentials ensure that the investigation does not inadvertently affect the production application. Reviewing the GuardDuty finding helps identify the specific IAM credentials and API calls involved. Amazon Detective provides a comprehensive analysis of the API calls in context, allowing for a deeper investigation into the anomalous behavior. This approach balances thorough investigation with minimal impact on the production environment.
upvoted 1 times
...
Raphaello
10 months ago
Selected Answer: B
Using CloudTrail (Insights & Lake) is not entirely wrong for the aforementioned case; however, since the ask is to analyze the events "QUICKLY", I think Detective provides a good integration with GuardDuty to correlate data and analyze them. I would go with B only for this... "quickly"!
upvoted 2 times
...
Aamee
1 year ago
Selected Answer: B
Option B, since Detective is natively integrated with GuardDuty, in contrast to option D, where Insights and Lake are NA to GuardDuty.
upvoted 2 times
...
Daniel76
1 year ago
Selected Answer: B
A. Read-only login should not allow the user to add DenyAllPolicy. C. Adding DenyAllPolicy to the principal is a very intrusive intervention. D. AWS CloudTrail Insights and AWS CloudTrail Lake are not integrated with GuardDuty (as opposed to AWS Detective), hence they might lack correlation.
upvoted 1 times
...
lalee2
1 year, 1 month ago
Selected Answer: B
The question says 'collect and analyze the info'; a read-only credential is enough. Detective provides API activities.
upvoted 2 times
...
KR693
1 year, 1 month ago
Option B
upvoted 1 times
...
Lunga778
1 year, 1 month ago
correct answer is be https://aws.amazon.com/blogs/aws/new-aws-cloudtrail-lake-supports-ingesting-activity-events-from-non-aws-sources/ https://aws.amazon.com/about-aws/whats-new/2019/11/aws-cloudtrail-announces-cloudtrail-insights/
upvoted 1 times
Lunga778
1 year, 1 month ago
i mean is D
upvoted 1 times
...
...
100fold
1 year, 1 month ago
Selected Answer: B
Answer B
upvoted 1 times
...
AgboolaKun
1 year, 1 month ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/
upvoted 2 times
...