
Exam AWS Certified Security - Specialty topic 1 question 390 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 390
Topic #: 1

A security engineer needs to implement an intrusion detection system (IDS) for a shipping company. The findings from the system must generate alerts that can be sent to an email distribution group that the company’s operations team uses. The security engineer must maximize the coverage that the IDS provides.

Which combination of steps should the security engineer take to meet these requirements? (Choose two.)

  • A. Create an AWS CloudTrail trail to capture management events and Amazon S3 data events. Create VPC flow logs for all VPCs. Specify for the flow logs to capture all traffic.
  • B. Create an AWS CloudTrail trail to capture management events and Amazon S3 data events. Create VPC flow logs for all VPCs. Specify for the flow logs to capture accepted traffic.
  • C. Configure Amazon GuardDuty. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to forward finding events to an Amazon Simple Notification Service (Amazon SNS) topic.
  • D. Configure AWS Security Hub. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to forward finding events to an Amazon Simple Notification Service (Amazon SNS) topic.
  • E. Create an AWS CloudTrail trail to capture management events and Amazon S3 data events. Configure an AWS Lambda function to analyze VPC flow logs and to inspect all flow log traffic that matches the ACCEPT filter type.
Suggested Answer: AC
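As an added example that is not part of the exam page: the EventBridge rule from option C written as an event pattern, with a small local stand-in for EventBridge's matcher (it supports only the exact-match and `numeric` forms used here) run over constructed sample finding events, so the filter can be checked offline before the rule and SNS subscription are created. The severity threshold is an assumption added here, not something the question requires.

```python
# Pattern for the EventBridge rule in option C (real EventBridge syntax). The numeric
# filter is an added assumption: only severity >= 4 (Medium and above) is forwarded.
GUARDDUTY_TO_SNS_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
        "<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "=": lambda a, b: a == b}

def _leaf_matches(value, alternatives):
    """Value must equal one alternative or satisfy a {"numeric": [op, n, ...]} test."""
    for alt in alternatives:
        if isinstance(alt, dict) and "numeric" in alt:
            ops = alt["numeric"]
            if isinstance(value, (int, float)) and all(
                    _OPS[ops[i]](value, ops[i + 1]) for i in range(0, len(ops), 2)):
                return True
        elif value == alt:
            return True
    return False

def matches(pattern, event):
    """Every pattern key must exist in the event and match; extra event fields are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _leaf_matches(event[key], expected):
            return False
    return True

SAMPLE_EVENTS = [  # constructed sample events, trimmed to the fields the rule inspects
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"severity": 5.0, "type": "Recon:EC2/PortProbeUnprotectedPort"}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"severity": 2.0, "type": "UnauthorizedAccess:EC2/TorClient"}},
    {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
     "detail": {"findings": []}},
]

def forwarded_subjects(events=SAMPLE_EVENTS):
    """E-mail subjects (as a rule input transformer would build them) that reach the topic."""
    return [f"[GuardDuty sev {e['detail']['severity']}] {e['detail']['type']}"
            for e in events if matches(GUARDDUTY_TO_SNS_PATTERN, e)]
```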

Comments

D2
Highly Voted 2 years, 4 months ago
Answer: AC https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html
upvoted 5 times
Granwizzard
Most Recent 1 year, 10 months ago
Selected Answer: CD
"The findings from the system must generate alerts that can be sent to an email distribution group", C and D are the only ones configured to do that.
upvoted 1 times
Green53
1 year, 10 months ago
Selected Answer: AC
A/C I'd say AWS Security Hub is more of a CSPM tool, rather than IDS/IPS (since you're pulling in data from other sources that provide that functionality). GuardDuty can act as an IDS (not IPS) since it provides information from VPC Flow logs and DNS logs about suspicious traffic (i.e., detection). Yes, you don't need to enable VPC Flow Logs separately, but CloudFlare capturing S3 and API events is good practice.
upvoted 1 times
Toptip
1 year, 10 months ago
Selected Answer: AD
A+D for me... GuardDuty is NOT an IDS (or IPS). D - Security Hub can actually report IDS findings: https://docs.aws.amazon.com/managedservices/latest/userguide/gui-enable-IPSIDS.html
upvoted 1 times
nairj
2 years ago
Answer is A and C - Use GuardDuty, and logs from CloudTrail, VPC flow logs, and DNS logs
upvoted 1 times
createchange
2 years, 2 months ago
Selected Answer: AC
Of note, you don't NEED to enable CloudTrail, VPC Flow Logs, etc. for GuardDuty to function: I'm voting C,D. GuardDuty does not require that enable CloudTrail, VPC Flow Logs, etc: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-before. Enabling these services and alerting However, in an effort to maximize coverage, it does make sense to enable those sources and ship them to your IDS. This will allow both GuardDuty and the IDS to evaluate and generate findings. Might be duplicative, but alas.
upvoted 3 times
createchange
2 years, 2 months ago
Whoa that got mangled - here is what I meant to type... Of note - you don't NEED to enable CloudTrail, VPC Flow Logs, etc. for GuardDuty to function: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-before. However, in an effort to maximize coverage, it does make sense to enable those sources and ship them to your IDS. This will allow both GuardDuty and the IDS to evaluate and generate findings. Might be duplicative, but alas.
upvoted 2 times
awsec2
2 years, 3 months ago
CD because of maximizing the coverage requirement
upvoted 1 times
awsec2
2 years, 3 months ago
sorry AC
upvoted 1 times
tainh
2 years, 4 months ago
Selected Answer: AC
https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other