AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 40

Under increased cybersecurity concerns, a company is deploying a near real-time intrusion detection system (IDS) solution. A system must be put in place as soon as possible. The architecture consists of many AWS accounts, and all results must be delivered to a central location.
Which solution will meet this requirement, while minimizing downtime and costs?

Answer options

• A. Deploy a third-party vendor solution to perform deep packet inspection in a transit VPC.
• B. Enable VPC Flow Logs on each VPC. Set up a stream of the flow logs to a central Amazon Elasticsearch cluster.
• C. Enable Amazon Macie on each AWS account and configure central reporting.
• D. Enable Amazon GuardDuty on each account as members of a central account.

Correct answer: D

Explanation

The correct answer is D because Amazon GuardDuty provides a cost-effective and efficient way to monitor for malicious activity across multiple AWS accounts, allowing centralized management of alerts. Options A and C involve additional complexity and cost without the same level of streamlined integration, while option B, while useful for monitoring traffic, does not offer the same real-time detection capabilities as GuardDuty.