
Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 90 discussion

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

  • A. Turn on VPC Flow Logs for all VPCs in the account.
  • B. Activate Amazon GuardDuty across all AWS Regions.
  • C. Activate Amazon Detective across all AWS Regions.
  • D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
  • E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).
Suggested Answer: BD
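
Options B and D from the suggested answer, written out as an added CloudFormation template (not part of the original page or the exam material). The topic name, rule target Id, publishing frequency and severity threshold of 4 are assumptions; GuardDuty is a Regional service, so the stack is deployed once per Region, for example with StackSets.

```yaml
# Added example: GuardDuty detector plus EventBridge-to-SNS notifications.
AWSTemplateFormatVersion: "2010-09-09"
Description: GuardDuty with finding notifications through EventBridge and SNS

Resources:
  # Option B: enable GuardDuty in this Region (one detector per account per Region).
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true
      FindingPublishingFrequency: FIFTEEN_MINUTES   # assumption: fastest export interval

  # Option D: topic that responders subscribe to.
  FindingsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: guardduty-findings   # hypothetical name

  # Without this resource policy EventBridge cannot publish to the topic.
  FindingsTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref FindingsTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowEventBridgePublish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref FindingsTopic

  # Option D: rule that matches GuardDuty findings and forwards them to SNS.
  FindingsRule:
    Type: AWS::Events::Rule
    Properties:
      Description: Forward GuardDuty findings to SNS
      EventPattern:
        source:
          - aws.guardduty
        detail-type:
          - GuardDuty Finding
        detail:
          severity:
            - numeric: [">=", 4]   # assumption: skip low-severity findings
      Targets:
        - Arn: !Ref FindingsTopic   # Ref on an SNS topic returns its ARN
          Id: guardduty-to-sns
```

The stack fails in a Region where a detector already exists, so existing detectors have to be imported or the `Detector` resource dropped there.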

Comments

AgboolaKun
Highly Voted 10 months, 1 week ago
Selected Answer: BD
BD are the correct options here. The keywords here are "developing an incident response plan to detect suspicious activity". There is no better way to develop an incident response plan without providing a way for the relevant stakeholders to take actions or respond to suspicious activities. B is an obvious option because GuardDuty can monitor and analyze API calls across all AWS Regions, and network activities found in Amazon CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. Therefore, option A is not needed since GuardDuty monitoring activities include the VPC Flow Logs. There is no better way to respond to the findings generated by GuardDuty than the services described in option D.
upvoted 8 times
61cfe5f
2 months ago
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#guardduty_vpc "When you enable GuardDuty, it immediately starts analyzing your VPC flow logs from Amazon EC2 instances within your account. It consumes VPC flow log events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs. This process does not affect any of your existing flow logs configuration."
upvoted 2 times
...
Aamee
10 months, 1 week ago
Ok, but why the Detective svc. wasn't a good choice here as it's for developing an incident response plan to 'detect' right?... Agree with option D on the other hand cuz it makes sense..
upvoted 1 times
...
...
navid1365
Most Recent 4 months, 3 weeks ago
Selected Answer: AB
A and B are correct for sure. The question does not mention anything about "notifications" or "communications", so D is incorrect. A is correct because the question mentions visibility and detection. You get visibility into network traffic with VPC flow logs. B is correct because we need to "detect" threats. GuardDuty is a threat detection capability.
upvoted 4 times
...
minTwin
5 months, 1 week ago
Selected Answer: BD
B and D seem like the most straightforward and cost-effective solution
upvoted 1 times
...
lightrod
8 months ago
Selected Answer: BD
GuardDuty analyzes VPC flow logs regardless of if you have turned them on or not
upvoted 3 times
...
rahav
9 months, 2 weeks ago
Selected Answer: BD
VPC Flow Logs are very expensive.... GuardDuty is the right tool to do that with EventBridge
upvoted 1 times
...
WeepingMaplte
9 months, 3 weeks ago
Selected Answer: BD
A. Turn on VPC Flow Logs for all VPCs in the account: While VPC Flow Logs offer detailed information about network traffic, analyzing and storing logs for all VPCs across Regions can incur significant storage and processing costs. C. Activate Amazon Detective across all AWS Regions: Detective focuses on root cause analysis and investigation, which might be overkill for initial detection and notification. Additionally, its per-hour billing model can quickly become expensive for continuous monitoring across multiple Regions. E. Create an AWS Lambda function for publishing findings to SES: While Lambda offers flexibility, creating and maintaining a custom Lambda function specifically for publishing findings can add development and operational overhead compared to the readily available options with EventBridge and SNS.
upvoted 1 times
...
Aamee
10 months, 2 weeks ago
Selected Answer: AB
AB options best suited. Self-explanatory too.
upvoted 1 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: AB
AB are correct
upvoted 1 times
...
oioi
10 months, 2 weeks ago
Selected Answer: AB
correct
upvoted 1 times
...