Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 90 discussion

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  • A. Turn on VPC Flow Logs for all VPCs in the account.
  • B. Activate Amazon GuardDuty across all AWS Regions.
  • C. Activate Amazon Detective across all AWS Regions.
  • D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
  • E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).
Suggested Answer: BD
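What answer D amounts to in practice, as an added example that is not part of the exam page or of any AWS code: the EventBridge event pattern you would attach to a rule in every Region where GuardDuty is enabled, plus a re-implementation of the small subset of EventBridge matching semantics that pattern relies on (exact-match lists and numeric comparisons) so the pattern can be tested offline before it is deployed. The severity threshold, the sample events, the account number and the finding IDs are all assumptions or constructed placeholders, not real findings.

```python
"""Filter GuardDuty findings the way an EventBridge rule does and shape
the SNS notification for the ones that pass (answer B+D).

Added example for this discussion; not from the exam page or from AWS.
SAMPLE_EVENTS are hand-constructed EventBridge envelopes with placeholder
account/finding IDs.
"""
import json
from typing import Any

# Assumption: only Medium (4.0-6.9) and High (7.0-8.9) findings should
# page a human; Low findings stay in the GuardDuty console for review.
MIN_SEVERITY = 4.0

NUMERIC_OPS = {
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    "=": lambda a, b: a == b,
}


def guardduty_event_pattern(min_severity: float = MIN_SEVERITY) -> dict:
    """EventBridge event pattern for GuardDuty findings at or above
    min_severity; json.dumps() it for `aws events put-rule --event-pattern`."""
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


def _numeric_matches(value: Any, spec: list) -> bool:
    """spec is [op, n] or [op, n, op, n] (a range); every clause must hold."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return all(NUMERIC_OPS[spec[i]](value, spec[i + 1])
               for i in range(0, len(spec), 2))


def _leaf_matches(value: Any, matchers: list) -> bool:
    """A leaf list matches if any of its entries matches (OR semantics)."""
    for m in matchers:
        if isinstance(m, dict) and "numeric" in m:
            if _numeric_matches(value, m["numeric"]):
                return True
        elif value == m:
            return True
    return False


def event_matches(pattern: dict, event: dict) -> bool:
    """Every key in the pattern must exist in the event and match; keys the
    pattern does not mention are ignored, as EventBridge does."""
    for key, sub in pattern.items():
        if key not in event:
            return False
        if isinstance(sub, dict):
            if not isinstance(event[key], dict) or not event_matches(sub, event[key]):
                return False
        elif not _leaf_matches(event[key], sub):
            return False
    return True


def sns_publish_args(event: dict) -> dict:
    """Keyword arguments for sns.publish(): a Subject trimmed to the 100
    characters SNS allows, and a Message with what a responder needs first."""
    d = event["detail"]
    subject = f"GuardDuty sev {d['severity']} {event['region']}: {d['type']}"
    return {
        "Subject": subject[:100],
        "Message": json.dumps({
            "account": event["account"], "region": event["region"],
            "finding_id": d["id"], "type": d["type"],
            "severity": d["severity"], "title": d["title"],
        }, indent=2),
    }


def findings_to_publish(events: list, min_severity: float = MIN_SEVERITY) -> list:
    """Apply the rule's pattern to a batch of events; return publish args
    for the ones that pass."""
    pattern = guardduty_event_pattern(min_severity)
    return [sns_publish_args(e) for e in events if event_matches(pattern, e)]


# Constructed sample events (placeholders, not real GuardDuty output).
SAMPLE_EVENTS = [
    {   # medium-severity brute force: should be published
        "id": "evt-1", "detail-type": "GuardDuty Finding", "source": "aws.guardduty",
        "account": "123456789012", "region": "eu-west-1",
        "detail": {"id": "finding-1", "type": "UnauthorizedAccess:EC2/SSHBruteForce",
                   "severity": 5, "title": "SSH brute force attempts on i-0example"},
    },
    {   # low-severity port probe: stays in the console, no notification
        "id": "evt-2", "detail-type": "GuardDuty Finding", "source": "aws.guardduty",
        "account": "123456789012", "region": "us-east-1",
        "detail": {"id": "finding-2", "type": "Recon:EC2/PortProbeUnprotectedPort",
                   "severity": 2, "title": "Unprotected port probed on i-0example"},
    },
    {   # unrelated event: must not match the rule at all
        "id": "evt-3", "detail-type": "EC2 Instance State-change Notification",
        "source": "aws.ec2", "account": "123456789012", "region": "us-east-1",
        "detail": {"instance-id": "i-0example", "state": "running"},
    },
]

if __name__ == "__main__":
    print(json.dumps(guardduty_event_pattern(), indent=2))
    for args in findings_to_publish(SAMPLE_EVENTS):
        print(args["Subject"])
```

GuardDuty delivers findings to the default event bus of the Region in which the detector generated them, so the rule must exist in every enabled Region (with an SNS topic target there, or forwarding to a central event bus); a single rule in one Region gives the per-Region visibility the question asks for only for that Region. The numeric filter is the part worth testing offline: without it every Low finding becomes a notification, which is the fastest way to get an SNS topic muted.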

Comments

AgboolaKun
Highly Voted 1 year ago
Selected Answer: BD
BD are the correct options here. The keywords here are "developing an incident response plan to detect suspicious activity". There is no better way to develop an incident response plan than to provide a way for the relevant stakeholders to take action or respond to suspicious activities. B is an obvious option because GuardDuty can monitor and analyze API calls across all AWS Regions, and network activities found in Amazon CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. Therefore, option A is not needed, since GuardDuty's monitoring activities include the VPC Flow Logs. There is no better way to respond to the findings generated by GuardDuty than the services described in option D.
upvoted 8 times
61cfe5f
4 months ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_vpc "When you enable GuardDuty, it immediately starts analyzing your VPC flow logs from Amazon EC2 instances within your account. It consumes VPC flow log events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs. This process does not affect any of your existing flow logs configuration."
upvoted 2 times
IPLogic
4 days ago
So you have to turn on the VPC Flow Logs. It's A.
upvoted 1 times
Aamee
1 year ago
Ok, but why wasn't the Detective service a good choice here, as it's for developing an incident response plan to 'detect', right? Agree with option D on the other hand, because it makes sense.
upvoted 1 times
navid1365
Highly Voted 6 months, 3 weeks ago
Selected Answer: AB
A and B are correct for sure. The question does not mention anything about "notifications" or "communications", so D is incorrect. A is correct because the question mentions visibility and detection. You get visibility into network traffic with VPC Flow Logs. B is correct because we need to detect threats. GuardDuty is a threat detection capability.
upvoted 5 times
IPLogic
Most Recent 4 days ago
Selected Answer: AB
The most cost-effective combination of steps to meet these requirements: A. Turn on VPC Flow Logs for all VPCs in the account. B. Activate Amazon GuardDuty across all AWS Regions. VPC Flow Logs provide detailed visibility into network traffic within your VPCs. This is a cost-effective way to monitor and log network activity, which is important for detecting suspicious behaviour. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious activity and unauthorized behaviour. Activating it across all AWS Regions ensures comprehensive coverage and visibility into potential security threats.
upvoted 1 times
minTwin
7 months, 1 week ago
Selected Answer: BD
B and D seem like the most straightforward and cost-effective solution.
upvoted 1 times
lightrod
10 months ago
Selected Answer: BD
GuardDuty analyzes VPC Flow Logs regardless of whether you have turned them on or not.
upvoted 3 times
rahav
11 months, 2 weeks ago
Selected Answer: BD
VPC Flow Logs are very expensive. GuardDuty is the right tool to do that, with EventBridge.
upvoted 1 times
WeepingMaplte
11 months, 3 weeks ago
Selected Answer: BD
A. Turn on VPC Flow Logs for all VPCs in the account: While VPC Flow Logs offer detailed information about network traffic, analyzing and storing logs for all VPCs across Regions can incur significant storage and processing costs.
C. Activate Amazon Detective across all AWS Regions: Detective focuses on root cause analysis and investigation, which might be overkill for initial detection and notification. Additionally, its per-hour billing model can quickly become expensive for continuous monitoring across multiple Regions.
E. Create an AWS Lambda function for publishing findings to SES: While Lambda offers flexibility, creating and maintaining a custom Lambda function specifically for publishing findings can add development and operational overhead compared to the readily available options with EventBridge and SNS.
upvoted 1 times
Aamee
1 year ago
Selected Answer: AB
AB options best suited. Self-explanatory too.
upvoted 1 times
[Removed]
1 year ago
Selected Answer: AB
AB are correct.
upvoted 1 times
oioi
1 year ago
Selected Answer: AB
correct
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other