AWS Certified Security – Specialty (SCS-C02) — Question 54
A company recently had a security audit in which the auditors identified multiple potential threats. These potential threats can cause usage pattern changes such as DNS access peak, abnormal instance traffic, abnormal network interface traffic, and unusual Amazon S3 API calls. The threats can come from different sources and can occur at any time. The company needs to implement a solution to continuously monitor its system and identify all these incoming threats in near-real time.
Which solution will meet these requirements?
Answer options
- A. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon CloudWatch Logs to manage these logs from a centralized account.
- B. Enable AWS CloudTrail logs, VPC flow logs, and DNS logs. Use Amazon Macie to monitor these logs from a centralized account.
- C. Enable Amazon GuardDuty from a centralized account. Use GuardDuty to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
- D. Enable Amazon Inspector from a centralized account. Use Amazon Inspector to manage AWS CloudTrail logs, VPC flow logs, and DNS logs.
Correct answer: C
Explanation
The correct answer is C because Amazon GuardDuty is purpose-built for continuous monitoring and near-real-time threat detection: it analyzes AWS CloudTrail events, VPC flow logs, and DNS logs to surface anomalies such as the traffic and API-call patterns the auditors described. Options A and B do not provide near-real-time threat detection, because Amazon CloudWatch Logs and Amazon Macie do not actively analyze these logs for threats. Option D does not meet the requirement either, because Amazon Inspector does not perform threat detection the way GuardDuty does.