ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 101 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 101
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer wants to use Amazon Simple Notification Service (Amazon SNS) to send email alerts to a company's security team for Amazon GuardDuty findings that have a High severity level. The security engineer also wants to deliver these findings to a visualization tool for further examination.

Which solution will meet these requirements?

  • A. Set up GuardDuty to send notifications to an Amazon CloudWatch alarm with two targets in CloudWatch. From CloudWatch, stream the findings through Amazon Kinesis Data Streams into an Amazon Open Search Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for the CloudWatch alarm. Use event pattern matching with an Amazon EventBridge event rule to send only High severity findings in the alerts.
  • B. Set up GuardDuty to send notifications to AWS CloudTrail with two targets in CloudTrail. From CloudTrail, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for CloudTrail. Use event pattern matching with a CloudTrail event rule to send only High severity findings in the alerts.
  • C. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
  • D. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by oioi at Nov. 23, 2023, 9:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mynickc
1 year, 1 month ago
Selected Answer: C
D is not right because you need to perform a few activities to establish connection b/w Opensearch and QuickSight which is missing in choice D
upvoted 1 times
...
vikasj1in
1 year, 1 month ago
Selected Answer: C
This option involves using EventBridge to handle the GuardDuty findings and then routing them to two targets: Streaming the findings through Kinesis Data Firehose into an Amazon OpenSearch Service domain for visualization. Sending email alerts to the security team via SNS, with event pattern matching to filter only high severity findings. This approach leverages the flexibility of EventBridge to manage the workflow and routing of events to different services based on specific criteria.
upvoted 1 times
...
happy34
1 year, 1 month ago
C - it filters only High alerts.
upvoted 1 times
...
WeepingMaplte
1 year, 2 months ago
https://github.com/aws-samples/siem-on-amazon-opensearch-service
upvoted 1 times
...
dexterryu
1 year, 2 months ago
D is correct due to Quicksight which is AWS's preferred visualization tool. The blog linked below is dated (from 2018), and while still valid not the best way to do visualization in AWS. You can still use the OS querry in Quicksight. https://docs.aws.amazon.com/quicksight/latest/user/connecting-to-os.html
upvoted 1 times
happy34
1 year, 1 month ago
Quick sight works with Cloudwatch Open Seach has its own dashboard. Not sure if Quicksight works with OpenSearch
upvoted 1 times
...
...
Daniel76
1 year, 2 months ago
Selected Answer: C
According to this AWS article, it is GuardDuty -> EventBrdige -> Firehouse -> OpenSearch -> OpenSearch visualization. https://aws.amazon.com/blogs/security/visualizing-amazon-guardduty-findings/
upvoted 4 times
...
tayman
1 year, 2 months ago
Selected Answer: C
Vote for C
upvoted 1 times
...
ykhan321
1 year, 2 months ago
Selected Answer: D
QuickSight is the hint for Visualization.
upvoted 2 times
hb0011
6 months ago
Opensearch Dashboards is better for this use case. The Answer is C
upvoted 1 times
...
...
azure4life
1 year, 2 months ago
Selected Answer: D
Option D is the correct solution. GuardDuty can send findings to Amazon EventBridge. EventBridge can then stream to targets like Kinesis Data Streams to process and store the findings, and SNS to send email alerts. Using EventBridge event pattern matching allows filtering findings based on properties like severity. Kinesis Data Streams can feed findings into OpenSearch Service. OpenSearch Dashboards or Amazon QuickSight can visualize the findings, while OpenSearch queries can provide analysis. Option A is incorrect because GuardDuty integrates with EventBridge, not CloudWatch Alarms. Option B is incorrect because GuardDuty integrates with EventBridge, not CloudTrail. Option C is incorrect because Kinesis Data Firehose would not allow querying and analysis of findings - Kinesis Data Streams enables this with OpenSearch.
upvoted 1 times
Th3Dud3
1 year, 1 month ago
(C) - Kinesis Data *Streams* can't send to OpenSearch...
upvoted 2 times
...
...
Egle
1 year, 2 months ago
Selected Answer: C
correct
upvoted 1 times
...
kejam
1 year, 3 months ago
Selected Answer: C
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-sns https://aws.amazon.com/blogs/big-data/audit-aws-service-events-with-amazon-eventbridge-and-amazon-kinesis-data-firehose/ https://aws.amazon.com/blogs/big-data/ingest-streaming-data-into-amazon-elasticsearch-service-within-the-privacy-of-your-vpc-with-amazon-kinesis-data-firehose/
upvoted 4 times
...
[Removed]
1 year, 3 months ago
Selected Answer: C
C gets the job done
upvoted 1 times
...
oioi
1 year, 3 months ago
Selected Answer: C
correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago