AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 55

A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application.
The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware.
Which solution will meet this requirement with the LEAST operational effort?

Answer options

• A. Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs.
• B. Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures.
• C. Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection.
• D. Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.

Correct answer: A

Explanation

The correct answer is A because Amazon GuardDuty automatically analyzes traffic patterns, which allows for quick identification of potential malware spreading without requiring extensive manual configuration. Option B is incorrect as deploying decoy systems does not directly address the need for monitoring outgoing traffic. Option C requires more operational effort to set up and maintain an IDS appliance, while option D involves a more complex setup and may not provide real-time detection as effectively as GuardDuty.