Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 14 discussion

A company uses AWS Organizations and has production workloads across multiple AWS accounts. A security engineer needs to design a solution that will proactively monitor for suspicious behavior across all the accounts that contain production workloads.
The solution must automate remediation of incidents across the production accounts. The solution also must publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when a critical security finding is detected. In addition, the solution must send all security incident logs to a dedicated account.
Which solution will meet these requirements?

  • A. Activate Amazon GuardDuty in each production account. In a dedicated logging account, aggregate all GuardDuty logs from each production account. Remediate incidents by configuring GuardDuty to directly invoke an AWS Lambda function. Configure the Lambda function to also publish notifications to the SNS topic.
  • B. Activate AWS Security Hub in each production account. In a dedicated logging account, aggregate all Security Hub findings from each production account. Remediate incidents by using AWS Config and AWS Systems Manager. Configure Systems Manager to also publish notifications to the SNS topic.
  • C. Activate Amazon GuardDuty in each production account. In a dedicated logging account, aggregate all GuardDuty logs from each production account. Remediate incidents by using Amazon EventBridge to invoke a custom AWS Lambda function from the GuardDuty findings. Configure the Lambda function to also publish notifications to the SNS topic.
  • D. Activate AWS Security Hub in each production account. In a dedicated logging account, aggregate all Security Hub findings from each production account. Remediate incidents by using Amazon EventBridge to invoke a custom AWS Lambda function from the Security Hub findings. Configure the Lambda function to also publish notifications to the SNS topic.
Suggested Answer: C
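As an added illustration of the option C pipeline (not part of the exam question or any commenter's post): an EventBridge rule pattern that selects GuardDuty findings at or above a severity threshold, a small offline evaluator for that pattern, and a Lambda handler that publishes critical findings to SNS. The names `handler`, `CRITICAL_SEVERITY`, `SAMPLE_EVENT` and the injected `publish` callable are assumptions; a deployed function would wrap `boto3.client("sns").publish` for the configured topic ARN.

```python
import json
CRITICAL_SEVERITY = 7.0  # assumed threshold on GuardDuty's 0-10 severity score

# EventBridge event pattern (real rule syntax) for the rule that targets the Lambda below.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", CRITICAL_SEVERITY]}]},
}

_OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
        "<=": lambda a, b: a <= b, "<": lambda a, b: a < b}

def _match_one(value, cand):
    if isinstance(cand, dict):  # {"numeric": [op, bound]} comparison
        op, bound = cand["numeric"]
        return isinstance(value, (int, float)) and _OPS[op](value, bound)
    return cand == value  # exact-value match

def matches_pattern(event, pattern):
    # Offline evaluator for the pattern subset used above (exact values, nested objects, one numeric test).
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):
            if not (isinstance(value, dict) and matches_pattern(value, allowed)):
                return False
        elif not any(_match_one(value, c) for c in allowed):
            return False
    return True

# Constructed sample in the envelope EventBridge uses for GuardDuty findings (fields trimmed).
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "account": "111122223333", "region": "us-east-1",
    "detail": {"id": "example-finding-id", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 8.0},
}

def handler(event, context=None, publish=None):
    # Lambda entry point (assumed name); publish(subject, message) is injected so this runs offline.
    finding = event["detail"]
    severity = float(finding["severity"])
    result = {"finding_id": finding["id"], "type": finding["type"], "account": event["account"],
              "critical": severity >= CRITICAL_SEVERITY, "notified": False}
    if result["critical"] and publish is not None:
        publish(f"Critical GuardDuty finding in account {event['account']}",
                json.dumps({"id": finding["id"], "type": finding["type"],
                            "severity": severity, "region": event["region"]}))
        result["notified"] = True
    return result
```

Remediation logic would hang off `result["type"]` inside the handler; the block keeps only the detection-to-notification path so the rule and the SNS condition can be tested without an AWS account.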

Comments

DeaconStJohn
1 month, 1 week ago
Selected Answer: D
This question has had me going back and forth for days. I use Stephane Maarek's course and AWS docs as my sources. The bits I am getting tripped up by: 1. The question is not specifically about GuardDuty. For Security Hub to be enabled we can ascertain that AWS Config has been enabled. Config rules could trigger findings. Security Hub can remediate this. 2. Option C says GuardDuty logs. Is this correct? Other options explicitly state "findings." GuardDuty monitors various logs and pushes findings to EventBridge. In Stephane Maarek's course, he has this exact architecture for Security Hub remediation.
upvoted 1 times
bukkanni
3 months ago
Security Hub serves as a central repository to store security findings from various services including GuardDuty. Option C limits security findings ONLY to GuardDuty. The requirement is to alert for any security finding and not just those from GuardDuty. D is more appropriate in my opinion.
upvoted 2 times
hb0011
3 months ago
I think the writer of the test would say you can't assume GuardDuty is enabled in D and Security Hub can't do it by itself. It would rely on GuardDuty. But I really don't know what they're looking for here.
upvoted 1 times
FunkyFresco
3 months, 2 weeks ago
Selected Answer: C
Option C fits.
upvoted 1 times
Almo89
5 months ago
Selected Answer: D
Difficult one, D could also be correct. Security Hub can trigger remediation and SNS from different sources (CloudWatch, GuardDuty). Security Hub depends on GuardDuty. But GuardDuty depends on CloudWatch as well. Security Hub has a predefined remediation based on best practice. C and D are correct; the question doesn't specify/differentiate.
upvoted 1 times
hro
8 months, 2 weeks ago
B. C never addresses remediation, and why would you configure the Lambda function to also publish notifications to the SNS topic when Security Hub works with AWS Config and AWS Systems Manager and pushes notifications? The answer is B.
upvoted 1 times
Josh1217
8 months, 2 weeks ago
GuardDuty can't directly invoke Lambda. Option C addresses remediation. Read the option properly.
upvoted 2 times
Raphaello
11 months, 4 weeks ago
Best answer is C. One would not need Security Hub to launch a response to a GuardDuty finding. Security Hub is a security posture management tool, but without it GuardDuty can still respond to findings. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html
upvoted 1 times
Daniel76
1 year ago
Selected Answer: C
Security Hub by itself does not detect suspicious activity, but GuardDuty does. An EventBridge rule is required to trigger remediation actions and the SNS topic.
upvoted 4 times
[Removed]
1 year, 1 month ago
Selected Answer: C
Security Hub checks posture. GuardDuty monitors for malicious activity.
upvoted 2 times
[Removed]
1 year, 1 month ago
It's C. Security Hub checks posture. GuardDuty monitors for malicious activity.
upvoted 1 times
lalee2
1 year, 1 month ago
Selected Answer: C
Option C responds to all requirements: automate remediation, notification via SNS, send logs to a dedicated account.
upvoted 1 times
bhui
1 year, 1 month ago
I would say it is C, as GuardDuty must be turned on even for the Security Hub options. Also you can aggregate GuardDuty findings and trigger events. https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/ https://repost.aws/knowledge-center/guardduty-eventbridge-sns-rule
upvoted 3 times
pupsik
1 year, 1 month ago
Selected Answer: C
Agree, it is C
upvoted 1 times
KR693
1 year, 1 month ago
Option C
upvoted 1 times
Sumi81
1 year, 1 month ago
Answer is C
upvoted 1 times
100fold
1 year, 1 month ago
Selected Answer: C
Answer C https://www.youtube.com/watch?v=RGNMkhaT_GY
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other