ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 40 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 40
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company recently had a security audit in which the auditors identified multiple potential threats. These potential threats can cause usage pattern changes such as DNS access peak, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. The threats can come from different sources and can occur at any time. The company needs to implement a solution to continuously monitor its system and identify all these incoming threats in near-real time.
Which solution will meet these requirements?

  • A. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon CloudWatch Logs to manage these logs from a centralized account.
  • B. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon Macie to monitor these logs from a centralized account.
  • C. Enable Amazon GuardDuty from a centralized account. Use GuardDuty to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
  • D. Enable Amazon Inspector from a centralized account. Use Amazon Inspector to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 100fold at Oct. 19, 2023, 6:42 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
100fold
Highly Voted 1 year, 5 months ago
Selected Answer: C
Answer C
upvoted 6 times
...
c6ed25a
Most Recent 2 weeks, 4 days ago
Selected Answer: C
Guard Duty is used to analysis of VPC flow logs, cloud trail logs and dns logs
upvoted 1 times
...
723993f
4 months, 2 weeks ago
Selected Answer: C
Absolutely hate the wording here, unnecessary confusion. Guardduty doesn't "manage" logs, but yes its C.
upvoted 1 times
...
[Removed]
7 months, 1 week ago
Amazon GuardDuty is a fully managed threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and unauthorized behavior. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Near-Real-Time Monitoring: GuardDuty is designed to analyze data sources like AWS CloudTrail logs, VPC flow logs, and DNS logs in near-real-time. It can detect unusual patterns such as DNS access peaks, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls, which align with the threats identified during the security audit. Answer : C
upvoted 2 times
...
Raphaello
1 year, 2 months ago
Selected Answer: C
GuardDuty (C)
upvoted 1 times
...
smanzana
1 year, 2 months ago
C- near-real time -> GuardDuty
upvoted 1 times
...
Daniel76
1 year, 4 months ago
Selected Answer: C
Guardduty draw data sources from: AWS CloudTrail logs, VPC flow logs, and DNS logs https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html Only GuardDuty detects abnormal and unusual activities among all choices.
upvoted 4 times
...
Aamee
1 year, 4 months ago
Selected Answer: C
Monitoring threats, abnormal traffic etc always leads towards GuardDuty.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago