Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 9 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 9
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has an AWS account that hosts a production application. The company receives an email notification that Amazon GuardDuty has detected an Impact:IAMUser/AnomalousBehavior finding in the account. A security engineer needs to run the investigation playbook for this security incident and must collect and analyze the information without affecting the application.
Which solution will meet these requirements MOST quickly?

  • A. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • B. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use Amazon Detective to review the API calls in context.
  • C. Log in to the AWS account by using administrator credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • D. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use AWS CloudTrail Insights and AWS CloudTrail Lake to review the API calls in context.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by AgboolaKun at Oct. 15, 2023, 8:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
pupsik
Highly Voted 11 months, 2 weeks ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/#:~:text=Start%20an%20investigation%20with%20Amazon%20Detective
upvoted 7 times
...
Davidng88
Most Recent 4 weeks, 1 day ago
Selected Answer: B
Read-only credentials ensure that the investigation does not inadvertently affect the production application. Reviewing the GuardDuty finding helps identify the specific IAM credentials and API calls involved. Amazon Detective provides a comprehensive analysis of the API calls in context, allowing for a deeper investigation into the anomalous behavior123. This approach balances thorough investigation with minimal impact on the production environment
upvoted 1 times
...
Raphaello
7 months, 4 weeks ago
Selected Answer: B
Using CloudTrail (Insights & Lake) is not entirely wrong for the the aforementioned case, however, since the ask is to analyze the events "QUICKLY", I think Detective provides a good integration with GuardDuty to correlate data and analyze them. I would go with B only for this.."quickly"!
upvoted 2 times
...
Aamee
10 months ago
Selected Answer: B
Option B since Detective is integrated with GuardDuty by native... contrast to option D where Insights and Lake are NA to GuardDuty..
upvoted 2 times
...
Daniel76
10 months, 3 weeks ago
Selected Answer: B
A. Read-only login should not allow user to add DenyAllPolicy. C. Add DenyAllPolicy to the principal is very intrusive intervention. D. Use AWS CloudTrail Insights and AWS CloudTrail Lake are not integrated with GuardDuty (as opposed to AWS Detective) hence it might lack correlationship
upvoted 1 times
...
lalee2
11 months, 1 week ago
Selected Answer: B
'Qs says collect and analyze the info' read-only credential is enough. Detective provides API activities.
upvoted 2 times
...
KR693
11 months, 2 weeks ago
Option B
upvoted 1 times
...
Lunga778
11 months, 3 weeks ago
correct answer is be https://aws.amazon.com/blogs/aws/new-aws-cloudtrail-lake-supports-ingesting-activity-events-from-non-aws-sources/ https://aws.amazon.com/about-aws/whats-new/2019/11/aws-cloudtrail-announces-cloudtrail-insights/
upvoted 1 times
Lunga778
11 months, 3 weeks ago
i mean is D
upvoted 1 times
...
...
100fold
11 months, 3 weeks ago
Selected Answer: B
Answer B
upvoted 1 times
...
AgboolaKun
11 months, 3 weeks ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel