Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 31 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 31
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has hundreds of AWS accounts in an organization in AWS Organizations. The company operates out of a single AWS Region. The company has a dedicated security tooling AWS account in the organization. The security tooling account is configured as the organization's delegated administrator for Amazon GuardDuty and AWS Security Hub. The company has configured the environment to automatically enable GuardDuty and Security Hub for existing AWS accounts and new AWS accounts.
The company is performing control tests on specific GuardDuty findings to make sure that the company's security team can detect and respond to security events. The security team launched an Amazon EC2 instance and attempted to run DNS requests against a test domain, example.com, to generate a DNS finding. However, the GuardDuty finding was never created in the Security Hub delegated administrator account.
Why was the finding was not created in the Security Hub delegated administrator account?

  • A. VPC flow logs were not turned on for the VPC where the EC2 instance was launched.
  • B. The VPC where the EC2 instance was launched had the DHCP option configured for a custom OpenDNS resolver.
  • C. The GuardDuty integration with Security Hub was never activated in the AWS account where the finding was generated.
  • D. Cross-Region aggregation in Security Hub was not configured.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by bannium at Oct. 29, 2023, 12:53 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 10 months, 2 weeks ago
Selected Answer: B
Guardduty cannot detect DNS requests if a custom resolver is setup See below: https://repost.aws/knowledge-center/guardduty-finding-types#:~:text=Note%3A%20GuardDuty%20only%20processes%20DNS%20logs%20if%20you%20use%20the%20default%20VPC%20DNS%20resolver.%20All%20other%20types%20of%20DNS%20resolvers%20won%27t%20generated%20DNS%20based%20findings.
upvoted 6 times
Daniel76
10 months, 1 week ago
"GuardDuty only processes DNS logs if you use the default VPC DNS resolver. All other types of DNS resolvers won't generated DNS based findings."
upvoted 6 times
...
...
Davidng88
Most Recent 4 weeks ago
Selected Answer: B
AWS GuardDuty only detects DNS queries to Amazon provided DNS resolver only. VPC flow not required for GuardDuty DNS, there will be no GuardDuty finding if GuardDuty not integrated with Security Hub, and only reside in one Region.
upvoted 1 times
...
Sodev
6 months ago
Why not A. Backdoor:EC2/DenialOfService.Dns finding , evaluate VPC Flow logs, it it disable nothing to do lol
upvoted 1 times
...
hro
6 months, 2 weeks ago
C... GuardDuty can access and process your request and response DNS logs through the internal ... Im going with C - it more likely that someone in the security team didnt activate Security Hub for the delegated admin account than any other of the answers.
upvoted 1 times
...
hro
6 months, 3 weeks ago
C - Im going with this answer. GuardDuty can access and process DNS logs through AWS DNS resolvers, such as Amazon Route 53, if the EC2 instances use them
upvoted 1 times
...
arvehisa
7 months ago
I don't understand why guardduty should generate a finding against a test dns query.
upvoted 1 times
...
mynickc
8 months, 3 weeks ago
Selected Answer: B
B is correct. https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-internal-providers.html#integration-amazon-guardduty
upvoted 1 times
...
CloudRover
9 months ago
Selected Answer: B
"GuardDuty only processes DNS logs if you use the default VPC DNS resolver. All other types of DNS resolvers won't generated DNS based findings." As Daniel76 pointed out, this is the correct answer.
upvoted 3 times
...
trashbox
9 months, 3 weeks ago
Exam on 2023-12-18
upvoted 1 times
...
Raphaello
9 months, 3 weeks ago
Selected Answer: D
Going with D. https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation-enable.html#finding-aggregation-enable-console
upvoted 1 times
Raphaello
7 months, 2 weeks ago
Correction: correct answer is B. Missed that in the scenario the company operates from a single region, additionally, without using Route53 resolver and DNS query logs, GuardDuty would not be able to produce DNS findings.
upvoted 1 times
...
KaiW
9 months, 1 week ago
but didn't the question said that the company operates out of a single region?
upvoted 1 times
...
...
kejam
11 months ago
Selected Answer: D
Choosing D through a process of elimination. A. VPC flow logs are not required to be turned on. https://aws.amazon.com/guardduty/faqs/ B. Custom DNS resolver? GuardDuty should have picked that up from the VPC flow logs: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdnsresolver C. GuardDuty and Security Hub integration is enabled automatically: https://docs.aws.amazon.com/guardduty/latest/ug/securityhub-integration.html#securityhub-integration-enable D. Cross-Region aggregation. Regions weren't mentioned in the question, but it is the only possible answer left. https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html
upvoted 1 times
kejam
10 months, 1 week ago
Just noticed "The company operates out of a single AWS Region." So changing my answer to none of the above ;-)
upvoted 1 times
...
...
bannium
11 months, 1 week ago
Selected Answer: B
> Note: GuardDuty only processes DNS logs if you use the default VPC DNS resolver. All other types of DNS resolvers won't generated DNS based findings. https://repost.aws/knowledge-center/guardduty-finding-types
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel