Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 40 discussion

A company recently had a security audit in which the auditors identified multiple potential threats. These potential threats can cause usage pattern changes such as DNS access peak, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. The threats can come from different sources and can occur at any time. The company needs to implement a solution to continuously monitor its system and identify all these incoming threats in near-real time.
Which solution will meet these requirements?

  • A. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon CloudWatch Logs to manage these logs from a centralized account.
  • B. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon Macie to monitor these logs from a centralized account.
  • C. Enable Amazon GuardDuty from a centralized account. Use GuardDuty to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
  • D. Enable Amazon Inspector from a centralized account. Use Amazon Inspector to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
Suggested Answer: C

Comments

100fold
Highly Voted 1 year, 1 month ago
Selected Answer: C
Answer C
upvoted 6 times
...
723993f
Most Recent 1 week, 2 days ago
Selected Answer: C
Absolutely hate the wording here, unnecessary confusion. GuardDuty doesn't "manage" logs, but yes, it's C.
upvoted 1 times
...
[Removed]
3 months ago
Amazon GuardDuty is a fully managed threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and unauthorized behavior. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
Near-Real-Time Monitoring: GuardDuty is designed to analyze data sources like AWS CloudTrail logs, VPC flow logs, and DNS logs in near-real-time. It can detect unusual patterns such as DNS access peaks, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls, which align with the threats identified during the security audit.
Answer: C
upvoted 2 times
...
Raphaello
10 months ago
Selected Answer: C
GuardDuty (C)
upvoted 1 times
...
smanzana
10 months, 2 weeks ago
C- near-real time -> GuardDuty
upvoted 1 times
...
Daniel76
1 year ago
Selected Answer: C
GuardDuty draws data sources from: AWS CloudTrail logs, VPC flow logs, and DNS logs. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html
Only GuardDuty detects abnormal and unusual activities among all choices.
upvoted 4 times
...
Aamee
1 year ago
Selected Answer: C
Monitoring threats, abnormal traffic, etc. always leads towards GuardDuty.
upvoted 2 times
...