ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 9 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 9
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has an AWS account that hosts a production application. The company receives an email notification that Amazon GuardDuty has detected an Impact:IAMUser/AnomalousBehavior finding in the account. A security engineer needs to run the investigation playbook for this security incident and must collect and analyze the information without affecting the application.
Which solution will meet these requirements MOST quickly?

  • A. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • B. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use Amazon Detective to review the API calls in context.
  • C. Log in to the AWS account by using administrator credentials. Review the GuardDuty finding for details about the IAM credentials that were used. Use the IAM console to add a DenyAll policy to the IAM principal.
  • D. Log in to the AWS account by using read-only credentials. Review the GuardDuty finding to determine which API calls initiated the finding. Use AWS CloudTrail Insights and AWS CloudTrail Lake to review the API calls in context.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by AgboolaKun at Oct. 15, 2023, 8:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pupsik
Highly Voted 1 year, 4 months ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/#:~:text=Start%20an%20investigation%20with%20Amazon%20Detective
upvoted 9 times
...
Davidng88
Most Recent 5 months, 4 weeks ago
Selected Answer: B
Read-only credentials ensure that the investigation does not inadvertently affect the production application. Reviewing the GuardDuty finding helps identify the specific IAM credentials and API calls involved. Amazon Detective provides a comprehensive analysis of the API calls in context, allowing for a deeper investigation into the anomalous behavior123. This approach balances thorough investigation with minimal impact on the production environment
upvoted 1 times
...
Raphaello
1 year ago
Selected Answer: B
Using CloudTrail (Insights & Lake) is not entirely wrong for the the aforementioned case, however, since the ask is to analyze the events "QUICKLY", I think Detective provides a good integration with GuardDuty to correlate data and analyze them. I would go with B only for this.."quickly"!
upvoted 3 times
...
Aamee
1 year, 3 months ago
Selected Answer: B
Option B since Detective is integrated with GuardDuty by native... contrast to option D where Insights and Lake are NA to GuardDuty..
upvoted 2 times
...
Daniel76
1 year, 3 months ago
Selected Answer: B
A. Read-only login should not allow user to add DenyAllPolicy. C. Add DenyAllPolicy to the principal is very intrusive intervention. D. Use AWS CloudTrail Insights and AWS CloudTrail Lake are not integrated with GuardDuty (as opposed to AWS Detective) hence it might lack correlationship
upvoted 1 times
...
lalee2
1 year, 4 months ago
Selected Answer: B
'Qs says collect and analyze the info' read-only credential is enough. Detective provides API activities.
upvoted 2 times
...
KR693
1 year, 4 months ago
Option B
upvoted 1 times
...
Lunga778
1 year, 4 months ago
correct answer is be https://aws.amazon.com/blogs/aws/new-aws-cloudtrail-lake-supports-ingesting-activity-events-from-non-aws-sources/ https://aws.amazon.com/about-aws/whats-new/2019/11/aws-cloudtrail-announces-cloudtrail-insights/
upvoted 1 times
Lunga778
1 year, 4 months ago
i mean is D
upvoted 1 times
...
...
100fold
1 year, 4 months ago
Selected Answer: B
Answer B
upvoted 1 times
...
AgboolaKun
1 year, 4 months ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-you-can-use-amazon-guardduty-to-detect-suspicious-activity-within-your-aws-account/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago