AWS Certified Security – Specialty (SCS-C02) — Question 201

A company needs to detect unauthenticated access to its Amazon Elastic Kubernetes Service (Amazon EKS) clusters. The company needs a solution that requires no additional configuration of the existing EKS deployment.

Which solution will meet these requirements with the LEAST operational effort?

Answer options

• A. Install an Amazon EKS add-on from a security vendor.
• B. Enable AWS Security Hub. Monitor the Kubernetes findings.
• C. Monitor Amazon CloudWatch Container Insights metrics for Amazon EKS.
• D. Enable Amazon GuardDuty. Use EKS Audit Log Monitoring.

Correct answer: D

Explanation

The correct answer is D because Amazon GuardDuty provides threat detection and monitoring capabilities without requiring additional configuration of the EKS cluster. Options A and B involve additional setup or monitoring processes that do not directly address unauthenticated access. Option C focuses on metrics that may not specifically highlight unauthorized access events.