AWS Certified Security - Specialty SCS-C02 Exam QuestionsBrowse all questions from this exam
Go to Exam

AWS Certified Security - Specialty SCS-C02 Exam - Question 33

A company has a single AWS account and uses an Amazon EC2 instance to test application code. The company recently discovered that the instance was compromised. The instance was serving up malware. The analysis of the instance showed that the instance was compromised 35 days ago.

A security engineer must implement a continuous monitoring solution that automatically notifies the company's security team about compromised instances through an email distribution list for high severity findings. The security engineer must implement the solution as soon as possible.

Which combination of steps should the security engineer take to meet these requirements? (Choose three.)

Show Answer
Correct Answer: BCE

To meet the requirement of continuous monitoring and automatic notification for compromised instances, the following steps need to be taken. First, enabling Amazon GuardDuty in the AWS account is crucial as it provides intelligent threat detection and continuous security monitoring. Second, creating an Amazon SNS topic and subscribing the security team's email distribution list to it ensures that high severity findings are promptly communicated. Lastly, creating an Amazon EventBridge rule for GuardDuty findings of high severity and configuring the rule to publish a message to the SNS topic facilitates the automatic notification process, triggering alerts to the security team.

Discussion

10 comments
Sign in to comment
100foldOptions: BCE
Oct 19, 2023

Answer BCE

WeepingMaplte
Dec 11, 2023

AWS Security Hub does not have any scanning capabilities. It provides you with a comprehensive view of your security state only.

Daniel76Options: BCE
Nov 30, 2023

https://repost.aws/knowledge-center/guardduty-eventbridge-sns-rule

pupsikOptions: BCE
Oct 27, 2023

BCE it is.

Daniel76Options: BCE
Dec 2, 2023

GuardDuty, Eventbridge, SNS topics

AameeOptions: BCE
Nov 20, 2023

BCE options look most relevant.

RaphaelloOptions: BCE
Feb 20, 2024

BCE..obviously. GuardDuty + EventBridge + SNS

Ved_1142
Jun 12, 2024

BCE its GuardDuty -- for monitoring SNS- to Notify GuardDuty in EventBridge as Rule as mentioned in Question.

FunkyFrescoOptions: BCE
Aug 21, 2024

BCE are the right options.

c6ed25aOptions: BCE
Mar 23, 2025

BCE is correct. Security hub is used for comprehensive view