AWS Certified Security – Specialty (SCS-C02) — Question 89

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

Answer options

• A. Turn on VPC Flow Logs for all VPCs in the account.
• B. Activate Amazon GuardDuty across all AWS Regions.
• C. Activate Amazon Detective across all AWS Regions.
• D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
• E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).

Correct answer: B, D

Explanation

The correct answers are B and D. Activating Amazon GuardDuty across all AWS Regions provides a comprehensive security monitoring solution, while creating an SNS topic and EventBridge rule allows for efficient notification of findings. Options A, C, and E, while useful, do not provide the same level of visibility and cost-effectiveness as the chosen options.