
Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 101 discussion

A security engineer wants to use Amazon Simple Notification Service (Amazon SNS) to send email alerts to a company's security team for Amazon GuardDuty findings that have a High severity level. The security engineer also wants to deliver these findings to a visualization tool for further examination.

Which solution will meet these requirements?

  • A. Set up GuardDuty to send notifications to an Amazon CloudWatch alarm with two targets in CloudWatch. From CloudWatch, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for the CloudWatch alarm. Use event pattern matching with an Amazon EventBridge event rule to send only High severity findings in the alerts.
  • B. Set up GuardDuty to send notifications to AWS CloudTrail with two targets in CloudTrail. From CloudTrail, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for CloudTrail. Use event pattern matching with a CloudTrail event rule to send only High severity findings in the alerts.
  • C. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
  • D. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
Suggested Answer: C

Comments

mynickc
10 months, 1 week ago
Selected Answer: C
D is not right because you need to perform a few activities to establish a connection between OpenSearch and QuickSight, which is missing in choice D.
upvoted 1 times
...
vikasj1in
10 months, 3 weeks ago
Selected Answer: C
This option involves using EventBridge to handle the GuardDuty findings and then routing them to two targets: Streaming the findings through Kinesis Data Firehose into an Amazon OpenSearch Service domain for visualization. Sending email alerts to the security team via SNS, with event pattern matching to filter only high severity findings. This approach leverages the flexibility of EventBridge to manage the workflow and routing of events to different services based on specific criteria.
upvoted 1 times
...
happy34
11 months ago
C - it filters only High alerts.
upvoted 1 times
...
WeepingMaplte
11 months, 2 weeks ago
https://github.com/aws-samples/siem-on-amazon-opensearch-service
upvoted 1 times
...
dexterryu
11 months, 2 weeks ago
D is correct due to QuickSight, which is AWS's preferred visualization tool. The blog linked below is dated (from 2018), and while still valid, not the best way to do visualization in AWS. You can still use the OS query in QuickSight. https://docs.aws.amazon.com/quicksight/latest/user/connecting-to-os.html
upvoted 1 times
happy34
10 months, 3 weeks ago
QuickSight works with CloudWatch. OpenSearch has its own dashboard. Not sure if QuickSight works with OpenSearch.
upvoted 1 times
...
...
Daniel76
11 months, 2 weeks ago
Selected Answer: C
According to this AWS article, it is GuardDuty -> EventBridge -> Firehose -> OpenSearch -> OpenSearch visualization. https://aws.amazon.com/blogs/security/visualizing-amazon-guardduty-findings/
upvoted 4 times
...
tayman
11 months, 2 weeks ago
Selected Answer: C
Vote for C
upvoted 1 times
...
ykhan321
11 months, 2 weeks ago
Selected Answer: D
QuickSight is the hint for Visualization.
upvoted 2 times
hb0011
3 months ago
OpenSearch Dashboards is better for this use case. The answer is C.
upvoted 1 times
...
...
azure4life
11 months, 3 weeks ago
Selected Answer: D
Option D is the correct solution. GuardDuty can send findings to Amazon EventBridge. EventBridge can then stream to targets like Kinesis Data Streams to process and store the findings, and SNS to send email alerts. Using EventBridge event pattern matching allows filtering findings based on properties like severity. Kinesis Data Streams can feed findings into OpenSearch Service. OpenSearch Dashboards or Amazon QuickSight can visualize the findings, while OpenSearch queries can provide analysis. Option A is incorrect because GuardDuty integrates with EventBridge, not CloudWatch Alarms. Option B is incorrect because GuardDuty integrates with EventBridge, not CloudTrail. Option C is incorrect because Kinesis Data Firehose would not allow querying and analysis of findings - Kinesis Data Streams enables this with OpenSearch.
upvoted 1 times
Th3Dud3
11 months ago
(C) - Kinesis Data *Streams* can't send to OpenSearch...
upvoted 2 times
...
...
Egle
12 months ago
Selected Answer: C
correct
upvoted 1 times
...
kejam
1 year ago
Selected Answer: C
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-sns https://aws.amazon.com/blogs/big-data/audit-aws-service-events-with-amazon-eventbridge-and-amazon-kinesis-data-firehose/ https://aws.amazon.com/blogs/big-data/ingest-streaming-data-into-amazon-elasticsearch-service-within-the-privacy-of-your-vpc-with-amazon-kinesis-data-firehose/
upvoted 4 times
...
[Removed]
1 year ago
Selected Answer: C
C gets the job done
upvoted 1 times
...
oioi
1 year ago
Selected Answer: C
correct
upvoted 1 times
...