AWS Certified Security - Specialty SCS-C02 Exam Questions

AWS Certified Security - Specialty SCS-C02 Exam - Question 40


A company recently had a security audit in which the auditors identified multiple potential threats. These potential threats can cause usage pattern changes such as DNS access peak, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. The threats can come from different sources and can occur at any time. The company needs to implement a solution to continuously monitor its system and identify all these incoming threats in near-real time.

Which solution will meet these requirements?

Correct Answer: C

The best solution to continuously monitor the system and identify incoming threats in near-real time is to enable Amazon GuardDuty from a centralized account. GuardDuty is specifically designed to analyze and process various data sources, including AWS CloudTrail logs, VPC flow logs, and DNS logs, to detect and prioritize potential threats. It provides near-real-time threat detection and uses machine learning to identify abnormal behavior patterns, making it the most suitable choice among the options provided.
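To make the explanation concrete, here is an added example (not from the exam page or from AWS) of what a detection team typically does once GuardDuty is enabled in the centralized account: forward findings through Amazon EventBridge and triage them against the audit's usage-pattern categories (DNS access, instance and network interface traffic, S3 API calls). The EventBridge pattern uses the documented `source`/`detail-type` values for GuardDuty and EventBridge's `numeric` content filter; the sample findings are constructed, with finding-type strings written in GuardDuty's `ThreatPurpose:ResourceTypeAffected/ThreatFamilyName` naming scheme and made-up ids and severities.

```python
"""Triage of GuardDuty findings delivered via EventBridge.

Added example, not part of the exam page or of AWS documentation.
SAMPLE_FINDINGS are constructed: ids and severity numbers are made up, the
finding-type strings only follow GuardDuty's naming scheme.
"""
from __future__ import annotations

from dataclasses import dataclass

# GuardDuty's documented severity bands, highest threshold first.
SEVERITY_BANDS = (
    (9.0, "Critical"),
    (7.0, "High"),
    (4.0, "Medium"),
    (0.1, "Low"),
)

# Map a finding type onto the usage-pattern categories named in the audit.
# Order matters: DNS-based EC2 findings are filed under DNS, not EC2 traffic.
CATEGORY_RULES = (
    ("DNS", "dns access"),
    (":S3/", "unusual S3 API calls"),
    (":EC2/", "abnormal instance or network interface traffic"),
)

# Constructed sample findings in the shape of the GuardDuty finding JSON.
SAMPLE_FINDINGS = [
    {"id": "f-001", "type": "Backdoor:EC2/C&CActivity.B!DNS", "severity": 8.0},
    {"id": "f-002", "type": "Trojan:EC2/DNSDataExfiltration", "severity": 8.0},
    {"id": "f-003", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0},
    {"id": "f-004", "type": "Exfiltration:S3/AnomalousBehavior", "severity": 8.0},
    {"id": "f-005", "type": "Discovery:S3/MaliciousIPCaller", "severity": 5.0},
    {"id": "f-006", "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2.0},
]


def severity_label(score: float) -> str:
    """Translate GuardDuty's numeric severity into its documented label."""
    for threshold, label in SEVERITY_BANDS:
        if score >= threshold:
            return label
    return "Informational"


def categorize(finding_type: str) -> str:
    """File a finding under one of the audit's usage-pattern categories."""
    for needle, category in CATEGORY_RULES:
        if needle in finding_type:
            return category
    return "other"


def eventbridge_pattern(min_severity: float = 7.0) -> dict:
    """EventBridge event pattern that matches GuardDuty findings at or above
    min_severity; attach it to a rule whose target is the response pipeline."""
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


@dataclass
class Triaged:
    finding_id: str
    category: str
    severity: float
    label: str


def triage(findings: list[dict], min_severity: float = 4.0) -> list[Triaged]:
    """Drop findings below min_severity and order the rest most severe first."""
    kept = [
        Triaged(f["id"], categorize(f["type"]), f["severity"], severity_label(f["severity"]))
        for f in findings
        if f["severity"] >= min_severity
    ]
    # Stable sort keeps input order among equal severities.
    return sorted(kept, key=lambda t: -t.severity)


def summarize(triaged: list[Triaged]) -> dict[str, int]:
    """Count triaged findings per audit category."""
    counts: dict[str, int] = {}
    for t in triaged:
        counts[t.category] = counts.get(t.category, 0) + 1
    return counts


if __name__ == "__main__":
    print(eventbridge_pattern())
    for t in triage(SAMPLE_FINDINGS):
        print(f"{t.finding_id} {t.label:<8} {t.category}")
    print(summarize(triage(SAMPLE_FINDINGS)))
```

The triage threshold and the EventBridge threshold are deliberately separate: the rule decides which findings leave the account in near-real time, while the triage step decides how an analyst queue is ordered. Both thresholds are assumptions for this example, not AWS defaults.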

Discussion

8 comments

100fold (Option: C)
Oct 19, 2023

Answer C

Daniel76 (Option: C)
Dec 2, 2023

GuardDuty draws data from these sources: AWS CloudTrail logs, VPC flow logs, and DNS logs (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html). Only GuardDuty detects abnormal and unusual activities among all choices.

Aamee (Option: C)
Nov 30, 2023

Monitoring threats, abnormal traffic, etc. always leads towards GuardDuty.

[Removed]
Sep 4, 2024

Amazon GuardDuty is a fully managed threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and unauthorized behavior. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Near-real-time monitoring: GuardDuty is designed to analyze data sources like AWS CloudTrail logs, VPC flow logs, and DNS logs in near-real time. It can detect unusual patterns such as DNS access peaks, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls, which align with the threats identified during the security audit. Answer: C

smanzana
Jan 23, 2024

C - near-real time -> GuardDuty

Raphaello (Option: C)
Feb 9, 2024

GuardDuty (C)

723993f (Option: C)
Nov 26, 2024

Absolutely hate the wording here, unnecessary confusion. GuardDuty doesn't "manage" logs, but yes, it's C.

c6ed25a (Option: C)
Mar 23, 2025

GuardDuty is used to analyze VPC flow logs, CloudTrail logs and DNS logs.