Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 101 discussion

A security engineer wants to use Amazon Simple Notification Service (Amazon SNS) to send email alerts to a company's security team for Amazon GuardDuty findings that have a High severity level. The security engineer also wants to deliver these findings to a visualization tool for further examination.

Which solution will meet these requirements?

  • A. Set up GuardDuty to send notifications to an Amazon CloudWatch alarm with two targets in CloudWatch. From CloudWatch, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for the CloudWatch alarm. Use event pattern matching with an Amazon EventBridge event rule to send only High severity findings in the alerts.
  • B. Set up GuardDuty to send notifications to AWS CloudTrail with two targets in CloudTrail. From CloudTrail, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for CloudTrail. Use event pattern matching with a CloudTrail event rule to send only High severity findings in the alerts.
  • C. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
  • D. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
Suggested Answer: C
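
The High-severity filter the options refer to is an EventBridge event pattern with numeric matching on `detail.severity`. The sketch below is an added example, not part of the original question or of any AWS sample: it assumes two rules (one unfiltered rule for the Firehose target, one High-only rule for the SNS target), uses the hypothetical target labels `firehose` and `sns`, and evaluates the patterns locally against constructed events with a simplified matcher.

```python
import json

# Rule for the SNS target: only High severity GuardDuty findings.
# GuardDuty documents High as 7.0-8.9; widen the range if Critical should alert too.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7, "<", 9]}]},
}
# Rule for the Firehose target: every finding is delivered to OpenSearch.
ALL_FINDINGS_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

_OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
        "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        "=": lambda a, b: a == b}

def _value_matches(candidates, value):
    """True if value satisfies any entry of a pattern's candidate list."""
    for cand in candidates:
        if isinstance(cand, dict) and "numeric" in cand:
            spec = cand["numeric"]  # e.g. [">=", 7, "<", 9]; all pairs must hold
            if (isinstance(value, (int, float)) and not isinstance(value, bool)
                    and all(_OPS[spec[i]](value, spec[i + 1])
                            for i in range(0, len(spec), 2))):
                return True
        elif cand == value:
            return True
    return False

def matches(pattern, event):
    """Simplified local stand-in for EventBridge matching (exact and numeric only)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _value_matches(expected, event[key]):
            return False
    return True

def finding(severity, source="aws.guardduty"):
    # Constructed sample event; real findings carry many more fields.
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "type": "EXAMPLE/FindingType"}}

def route(event):
    """Return the hypothetical target labels that would receive this event."""
    rules = [("firehose", ALL_FINDINGS_PATTERN), ("sns", HIGH_SEVERITY_PATTERN)]
    return [name for name, pattern in rules if matches(pattern, event)]

if __name__ == "__main__":
    print(json.dumps(HIGH_SEVERITY_PATTERN))  # JSON form used as a rule's event pattern
    print(route(finding(8)), route(finding(5)))
```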

Comments

mynickc
8 months, 1 week ago
Selected Answer: C
D is not right because you need to perform a few activities to establish connection b/w OpenSearch and QuickSight which is missing in choice D.
upvoted 1 times
...
vikasj1in
8 months, 3 weeks ago
Selected Answer: C
This option involves using EventBridge to handle the GuardDuty findings and then routing them to two targets: Streaming the findings through Kinesis Data Firehose into an Amazon OpenSearch Service domain for visualization. Sending email alerts to the security team via SNS, with event pattern matching to filter only high severity findings. This approach leverages the flexibility of EventBridge to manage the workflow and routing of events to different services based on specific criteria.
upvoted 1 times
...
happy34
9 months ago
C - it filters only High alerts.
upvoted 1 times
...
WeepingMaplte
9 months, 1 week ago
https://github.com/aws-samples/siem-on-amazon-opensearch-service
upvoted 1 times
...
dexterryu
9 months, 2 weeks ago
D is correct due to QuickSight which is AWS's preferred visualization tool. The blog linked below is dated (from 2018), and while still valid not the best way to do visualization in AWS. You can still use the OS query in QuickSight. https://docs.aws.amazon.com/quicksight/latest/user/connecting-to-os.html
upvoted 1 times
happy34
8 months, 3 weeks ago
QuickSight works with CloudWatch. OpenSearch has its own dashboard. Not sure if QuickSight works with OpenSearch.
upvoted 1 times
...
...
Daniel76
9 months, 2 weeks ago
Selected Answer: C
According to this AWS article, it is GuardDuty -> EventBridge -> Firehose -> OpenSearch -> OpenSearch visualization. https://aws.amazon.com/blogs/security/visualizing-amazon-guardduty-findings/
upvoted 4 times
...
tayman
9 months, 2 weeks ago
Selected Answer: C
Vote for C
upvoted 1 times
...
ykhan321
9 months, 2 weeks ago
Selected Answer: D
QuickSight is the hint for Visualization.
upvoted 2 times
hb0011
1 month ago
OpenSearch Dashboards is better for this use case. The answer is C.
upvoted 1 times
...
...
azure4life
9 months, 3 weeks ago
Selected Answer: D
Option D is the correct solution. GuardDuty can send findings to Amazon EventBridge. EventBridge can then stream to targets like Kinesis Data Streams to process and store the findings, and SNS to send email alerts. Using EventBridge event pattern matching allows filtering findings based on properties like severity. Kinesis Data Streams can feed findings into OpenSearch Service. OpenSearch Dashboards or Amazon QuickSight can visualize the findings, while OpenSearch queries can provide analysis. Option A is incorrect because GuardDuty integrates with EventBridge, not CloudWatch Alarms. Option B is incorrect because GuardDuty integrates with EventBridge, not CloudTrail. Option C is incorrect because Kinesis Data Firehose would not allow querying and analysis of findings - Kinesis Data Streams enables this with OpenSearch.
upvoted 1 times
Th3Dud3
9 months ago
(C) - Kinesis Data *Streams* can't send to OpenSearch...
upvoted 2 times
...
...
Egle
10 months ago
Selected Answer: C
correct
upvoted 1 times
...
kejam
10 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-sns
https://aws.amazon.com/blogs/big-data/audit-aws-service-events-with-amazon-eventbridge-and-amazon-kinesis-data-firehose/
https://aws.amazon.com/blogs/big-data/ingest-streaming-data-into-amazon-elasticsearch-service-within-the-privacy-of-your-vpc-with-amazon-kinesis-data-firehose/
upvoted 4 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: C
C gets the job done
upvoted 1 times
...
oioi
10 months, 2 weeks ago
Selected Answer: C
correct
upvoted 1 times
...