Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 90 discussion

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  • A. Turn on VPC Flow Logs for all VPCs in the account.
  • B. Activate Amazon GuardDuty across all AWS Regions.
  • C. Activate Amazon Detective across all AWS Regions.
  • D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
  • E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).
Suggested Answer: BD
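
Options B and D from the question, wired together with boto3 as an added example that is not part of the original page. GuardDuty detectors, EventBridge rules and SNS topics are all regional, so the same wiring is repeated in every enabled Region. The rule and topic names are hypothetical, and configured credentials with a default Region are assumed.

```python
import json

RULE_NAME = "guardduty-findings-to-sns"   # hypothetical rule name
TOPIC_NAME = "guardduty-findings"         # hypothetical topic name

def finding_pattern(min_severity=None):
    """EventBridge pattern for GuardDuty findings, optionally filtered by severity."""
    pattern = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}
    if min_severity is not None:
        pattern["detail"] = {"severity": [{"numeric": [">=", min_severity]}]}
    return pattern

def topic_policy(topic_arn):
    """Resource policy letting EventBridge publish; without it delivery fails."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgePublish",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
        }],
    }

def deploy_region(session, region, min_severity=None):
    """Enable GuardDuty and route its findings to SNS in one Region."""
    gd = session.client("guardduty", region_name=region)
    if not gd.list_detectors()["DetectorIds"]:   # one detector per Region
        gd.create_detector(Enable=True)
    sns = session.client("sns", region_name=region)
    topic_arn = sns.create_topic(Name=TOPIC_NAME)["TopicArn"]  # idempotent by name
    sns.set_topic_attributes(TopicArn=topic_arn, AttributeName="Policy",
                             AttributeValue=json.dumps(topic_policy(topic_arn)))
    events = session.client("events", region_name=region)
    events.put_rule(Name=RULE_NAME, State="ENABLED",
                    EventPattern=json.dumps(finding_pattern(min_severity)))
    events.put_targets(Rule=RULE_NAME, Targets=[{"Id": "sns", "Arn": topic_arn}])
    return topic_arn

def deploy_all(min_severity=None):
    """Repeat the wiring in every Region enabled for the account."""
    import boto3  # imported here so the pure helpers above work without it
    session = boto3.Session()
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    return {region: deploy_region(session, region, min_severity) for region in regions}

if __name__ == "__main__":
    print(json.dumps(finding_pattern(7), indent=2))  # offline: show the pattern only
```

`deploy_all()` is the only function that touches AWS; subscribing responders to each topic is left out.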

Comments

AgboolaKun
Highly Voted 1 year, 3 months ago
Selected Answer: BD
BD are the correct options here. The keywords here are "developing an incident response plan to detect suspicious activity". There is no better way to develop an incident response plan without providing a way for the relevant stakeholders to take actions or respond to suspicious activities. B is an obvious option because GuardDuty can monitor and analyze API calls across all AWS Regions, and network activities found in Amazon CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. Therefore, option A is not needed since GuardDuty monitoring activities include the VPC Flow Logs. There is no better way to respond to the findings generated by GuardDuty than the services described in option D.
upvoted 9 times
61cfe5f
7 months ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_vpc "When you enable GuardDuty, it immediately starts analyzing your VPC flow logs from Amazon EC2 instances within your account. It consumes VPC flow log events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs. This process does not affect any of your existing flow logs configuration."
upvoted 2 times
IPLogic
3 months ago
So you have to turn on the VPC Flow Logs. It's A.
upvoted 1 times
TareDHakim
2 months, 1 week ago
No, you don't need to enable it, for GuardDuty will stream those regardless of whether you enable it or not.
upvoted 1 times
Aamee
1 year, 3 months ago
Ok, but why the Detective svc. wasn't a good choice here as it's for developing an incident response plan to 'detect' right?... Agree with option D on the other hand cuz it makes sense..
upvoted 1 times
navid1365
Highly Voted 9 months, 3 weeks ago
Selected Answer: AB
A and B are correct for sure. The question does not mention anything about "notifications" or "communications", so D is incorrect. A is correct because the question mentions visibility and detection. You get visibility into network traffic with VPC flow logs. B is correct because we need to "detect" threats. GuardDuty is a threat detection capability.
upvoted 5 times
GDuque
Most Recent 1 month, 3 weeks ago
Selected Answer: AB
Using SNS + EventBridge does not seem the most analytical and proper way to do it. It does not contribute to detecting threats by itself. I think GuardDuty + VPC flows is a much more cost-effective and straightforward solution. And with VPC flows you must only pay for data storage.
upvoted 1 times
TareDHakim
2 months, 1 week ago
Selected Answer: BD
You don't need to enable VPC Flow Logs for Amazon GuardDuty because GuardDuty already pulls data from VPC Flow Logs. GuardDuty is a threat detection service that monitors for malicious activity in AWS accounts and workloads. It integrates with other AWS security services, including: Amazon CloudTrail, Amazon VPC Flow Logs, and AWS WAF.
upvoted 1 times
TareDHakim
2 months, 1 week ago
https://aws.amazon.com/guardduty/faqs/#:~:text=No%2C%20GuardDuty%20pulls%20independent%20data%20streams%20directly%20from%20CloudTrail
upvoted 1 times
IPLogic
3 months ago
Selected Answer: AB
The most cost-effective combination of steps to meet these requirements. A. Turn on VPC Flow Logs for all VPCs in the account. B. Activate Amazon GuardDuty across all AWS Regions. VPC Flow Logs provides detailed visibility into network traffic within your VPCs. This is a cost-effective way to monitor and log network activity, which is important for detecting suspicious behaviour. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious activity and unauthorized behaviour. Activating across all AWS Regions ensures comprehensive coverage and visibility into potential security threats.
upvoted 1 times
minTwin
10 months, 1 week ago
Selected Answer: BD
B and D seem like the most straightforward and cost-effective solution.
upvoted 1 times
lightrod
1 year ago
Selected Answer: BD
GuardDuty analyzes VPC flow logs regardless of whether you have turned them on or not.
upvoted 3 times
rahav
1 year, 2 months ago
Selected Answer: BD
VPC Flow Logs are very expensive... GuardDuty is the right tool to do that with EventBridge.
upvoted 1 times
WeepingMaplte
1 year, 2 months ago
Selected Answer: BD
A. Turn on VPC Flow Logs for all VPCs in the account: While VPC Flow Logs offer detailed information about network traffic, analyzing and storing logs for all VPCs across Regions can incur significant storage and processing costs. C. Activate Amazon Detective across all AWS Regions: Detective focuses on root cause analysis and investigation, which might be overkill for initial detection and notification. Additionally, its per-hour billing model can quickly become expensive for continuous monitoring across multiple Regions. E. Create an AWS Lambda function for publishing findings to SES: While Lambda offers flexibility, creating and maintaining a custom Lambda function specifically for publishing findings can add development and operational overhead compared to the readily available options with EventBridge and SNS.
upvoted 1 times
Aamee
1 year, 3 months ago
Selected Answer: AB
AB options best suited. Self-explanatory too.
upvoted 1 times
[Removed]
1 year, 3 months ago
Selected Answer: AB
AB are correct
upvoted 1 times
oioi
1 year, 3 months ago
Selected Answer: AB
correct
upvoted 1 times