Exam AWS Certified Security - Specialty topic 1 question 206 discussion

Only A has automatic remediation and alerts.

I suppose A makes sense, but we should note that GuardDuty can't analyze DNS logs from third party sources, so as long as the DNS logs are coming from within the VPC or Route 53 or wherever then A would work

A is the correct answer. GuardDuty (looking into VPC logs, DNS logs, CloudTrail, & S3 data events) + SH + EventBridge & Lambda for auto remediation.

Option A is the best solution as it leverages Amazon GuardDuty and AWS Security Hub to collect security alerts from all AWS accounts and regions. A designated master security account receives these alerts, providing centralized monitoring. By setting up specific rules in Amazon EventBridge, alerts can trigger an AWS Lambda function for automatic remediation, ensuring suspicious behavior is addressed promptly. This scalable solution aligns with the company's expected growth and eliminates the need for an on-premises SIEM or manual intervention for remediation steps.

AWS Lambda functions can be used to assist with the remediation process. The question insinuates that we need to detect abnormal system behavior in our environment. As a primary result, we need to implement a detection and response solution. So GuardDuty is official apart of the answer here. A

question says: 1- introduce a similar capability to its "AWS accounts" 2- that includes automatic remediation. meaning other sources are irrelevant and it needs lambda to remediate. Also you need guard duty to alerts on suspicious behavior. Its between A & D, but D says: Create an AWS Organizations SCP that denies access to certain API calls that are on an ignore list. Which is nonsense so its A.

It's A

I go on A.

Marketing question .... Amazon GuardDuty and AWS Security Hub cannot really compete with a SIEM

A IS CORRECT

the answer is A . - The business intends to provide a comparable feature to its AWS customers, complete with automated cleanup.

The question and answers do not match well. B - not right, there is no on-premise SIEM. it is a third-party service. C - similar to B, and is not scalable. D - SCP for denying certain API calls A - The only choice.

automated cleanup: - Amazon EventBridge to trigger an AWS Lambda Within the next three months, the firm plans to double in size : - EventBridge , serverless, scalable. Amazon GuardDuty and AWS Security Hub:- can process DNS logs and catch suspicoius activity

C , Must be C, As @shiptyeyes said , it cant support other sources, also they don't Want remediation, so A is irrelevant, they want scalable logging, S3 is good for scalability, and it cant be B, since B offers to use the onprem system, The onprem system might not be scalable so C which is migrate the SIEM system to S3 is the better option, you may scale it either vertically (just increase the instance size) or horizontally, since its a monitoring system with the source being S3, you may be able to define different responsibilities to each of the instances , and have each one monitor half, or use an sqs to injest.

Come on guys ... GuardDuty clearly states ..."If you use another DNS resolver, such as OpenDNS or GoogleDNS, or if you set up your own DNS resolvers, then GuardDuty cannot access and process data from this data source." https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html Cannot be A ... or D.

A Seems correct In this solution, you will use a combination of AWS Security Hub, Amazon EventBridge and AWS Lambda to ingest the findings and automatically enrich them with account related metadata by querying AWS Organizations and Account management service APIs. https://aws.amazon.com/blogs/security/how-to-enrich-aws-security-hub-findings-with-account-metadata/

Answer: A Answers are bad for what the question is asking for. It specifically asks which solution works for present/future. It also needs to automate cleanup. None of the answers mention anything about scaling for handling the firms doubling in size in 3 months. A seems like the best choice out of all of them since it automates the cleanup with Lambda.