Exam SCS-C02
Question 14

A company uses AWS Organizations and has production workloads across multiple AWS accounts. A security engineer needs to design a solution that will proactively monitor for suspicious behavior across all the accounts that contain production workloads.

The solution must automate remediation of incidents across the production accounts. The solution also must publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when a critical security finding is detected. In addition, the solution must send all security incident logs to a dedicated account.

Which solution will meet these requirements?

    Correct Answer: C

    To meet the requirements, the solution needs to detect suspicious behavior, automate remediation, notify via SNS, and centralize logs in a dedicated account. Amazon GuardDuty is suitable for detecting malicious activities, and to automate remediation and notifications, Amazon EventBridge can trigger a custom AWS Lambda function. Lambda enables flexibility in defining automated remediation steps and publishing notifications to SNS. Therefore, activating GuardDuty, centralizing its logs, and using EventBridge and Lambda to handle remediation and notifications fulfills all specified criteria.
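As an added illustration (not code from the exam page or an AWS sample), the GuardDuty to EventBridge to Lambda to SNS flow the answer describes: an assumed EventBridge event pattern for high-severity findings plus a Lambda handler that classifies a finding and publishes critical ones to the SNS topic. The severity threshold, the SNS_TOPIC_ARN variable name and the remediation hook are assumptions.

```python
import json
import os
from typing import Callable, Optional

# Assumed threshold: GuardDuty severity 7.0 and above (High) counts as "critical"
# for the SNS notification requirement.
CRITICAL_SEVERITY = 7.0

# Assumed EventBridge event pattern for the rule that invokes this function:
# only GuardDuty findings at or above the threshold are delivered to Lambda.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", CRITICAL_SEVERITY]}]},
}

def finding_summary(event: dict) -> Optional[dict]:
    """Fields a responder needs from a GuardDuty finding; None for any other event."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    d = event.get("detail", {})
    try:
        severity = float(d.get("severity", 0))
    except (TypeError, ValueError):
        severity = 0.0  # malformed severity: never silently treat it as critical
    return {
        "account": d.get("accountId"), "region": d.get("region"),
        "finding_id": d.get("id"), "type": d.get("type"),
        "severity": severity, "critical": severity >= CRITICAL_SEVERITY,
    }

def handler(event: dict, context=None, publish: Optional[Callable[[str, str], None]] = None) -> dict:
    """Lambda entry point. `publish(subject, message)` is injectable for tests; by default
    it publishes to the SNS topic named in the SNS_TOPIC_ARN environment variable via boto3."""
    summary = finding_summary(event)
    if summary is None:
        return {"action": "ignored"}
    if not summary["critical"]:
        return {"action": "logged", **summary}
    if publish is None:
        import boto3  # lazy import so the module loads without AWS credentials
        sns = boto3.client("sns")
        def publish(subject, message):
            sns.publish(TopicArn=os.environ["SNS_TOPIC_ARN"], Subject=subject, Message=message)
    # Account-specific remediation hook (e.g. via a cross-account role) would run here.
    publish(f"GuardDuty critical finding in account {summary['account']}", json.dumps(summary))
    return {"action": "notified", **summary}
```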

Discussion
Daniel76 (Option: C)

Security Hub by itself does not detect suspicious activity; GuardDuty does. An EventBridge rule is required to trigger remediation actions and the SNS topic.

bhui

I would say it is C, as GuardDuty must be turned on even for the Security Hub options. Also, you can aggregate GuardDuty findings and trigger events. https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/ https://repost.aws/knowledge-center/guardduty-eventbridge-sns-rule

100fold (Option: C)

Answer C https://www.youtube.com/watch?v=RGNMkhaT_GY

[Removed] (Option: C)

Security Hub checks posture. GuardDuty monitors for malicious activity.

Almo89 (Option: D)

Difficult one; D could also be correct. Security Hub can trigger remediation and SNS from different sources (CloudWatch, GuardDuty). Security Hub depends on GuardDuty, but GuardDuty depends on CloudWatch as well. Security Hub has predefined remediation based on best practices. C and D are correct; the question doesn't specify/differentiate.

hro

B. C never addresses remediation, and why would you configure the Lambda function to also publish notifications to the SNS topic when Security Hub works with AWS Config and AWS Systems Manager and pushes notifications? The answer is B.

Josh1217

GuardDuty can't directly invoke Lambda. Option C addresses remediation. Read the option properly.

Raphaello

Best answer is C. One would not need Security Hub to launch a response to a GuardDuty finding. Security Hub is a security posture management tool, but without it GuardDuty can still respond to findings. https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html

[Removed]

It's C. Security Hub checks posture. GuardDuty monitors for malicious activity.

lalee2 (Option: C)

Option C responds to all requirements: automated remediation, notification via SNS, and sending logs to a dedicated account.

pupsik (Option: C)

Agree, it is C

KR693

Option C

Sumi81

Answer is C