AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 68

A company runs a workload in an Amazon VPC. The company configures Amazon CloudWatch Logs for the workload. The company needs a solution to automatically detect unusual API activity and security events in the company's AWS account.

Which solution will meet this requirement?

Answer options

• A. Use Amazon Inspector to scan VPC flow logs.
• B. Use Amazon GuardDuty to monitor CloudWatch logs.
• C. Implement AWS CloudTrail Insights.
• D. Use AWS Config automatic anomaly detection.

Correct answer: B

Explanation

Amazon GuardDuty is designed to continuously monitor and analyze CloudWatch logs for suspicious activity, making it the ideal solution for detecting unusual API actions and security events. While Amazon Inspector scans for vulnerabilities, it does not specifically monitor for anomalous activities. AWS CloudTrail Insights and AWS Config focus on different aspects of account activity and compliance, but they do not offer the same level of real-time threat detection as GuardDuty.