AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 169

A company hired a penetration tester to simulate an internal security breach. The tester performed port scans on the company's Amazon EC2 instances. The company's security measures did not detect the port scans.

The company needs a solution that automatically provides notification when port scans are performed on EC2 instances. The company creates and subscribes to an Amazon Simple Notification Service (Amazon SNS) topic.

What should the company do next to meet the requirement?

Answer options

• A. Ensure that Amazon GuardDuty is enabled. Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.
• B. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected network reachability findings that indicate port scans. Connect the event to the SNS topic.
• C. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic.
• D. Ensure that AWS CloudTrail is enabled. Create an AWS Lambda function to analyze the CloudTrail logs for unusual amounts of traffic from an IP address range. Connect the Lambda function to the SNS topic.

Correct answer: A

Explanation

The correct answer is A because Amazon GuardDuty is designed to detect malicious activity, including port scans, and it can trigger alarms in CloudWatch which can then send notifications through SNS. Options B and C focus on Amazon Inspector, which is more about vulnerability assessments than real-time threat detection. Option D involves CloudTrail, which logs API calls rather than detecting active scanning behavior.