AWS Certified Solutions Architect – Associate (SAA-C02) — Question 536
A company uses AWS to run all components of its three-tier application. The company wants to automatically detect any potential security breaches within the environment. The company wants to track any findings and notify administrators if a potential breach occurs.
Which solution meets these requirements?
Answer options
- A. Set up AWS WAF to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
- B. Set up AWS Shield to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.
- C. Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
- D. Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.
Correct answer: D
Explanation
Amazon GuardDuty continuously monitors the entire AWS environment (CloudTrail, VPC Flow Logs and DNS logs) for malicious activity and unauthorized behavior, which makes it the right service for detecting potential security breaches. Routing its findings through Amazon EventBridge to an Amazon SNS topic gives administrators automated, serverless email notifications without custom Lambda code. Amazon Inspector is not the right choice because it performs software vulnerability assessments rather than active breach detection, while AWS WAF and AWS Shield only protect against web-layer and DDoS attacks and do not monitor the whole three-tier environment.
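The GuardDuty to EventBridge to SNS pattern from option D, written out as an added CloudFormation example (not from the original question or from AWS documentation). The resource names, the severity threshold of 7 (high) and the admin email address are assumptions; the topic policy is required because EventBridge cannot publish to the topic without it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: GuardDuty findings -> EventBridge rule -> SNS email (added example)

Parameters:
  AdminEmail:
    Type: String
    Default: admin@example.com   # placeholder; replace with the on-call address

Resources:
  # Enables GuardDuty in this account and region (one detector per region).
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true
      FindingPublishingFrequency: FIFTEEN_MINUTES

  # Topic the rule publishes to; the email subscription must be confirmed.
  FindingsTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref AdminEmail

  # Grants EventBridge permission to publish; scoped to this account to avoid
  # a confused-deputy publish from rules in other accounts.
  FindingsTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref FindingsTopic]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: events.amazonaws.com }
            Action: sns:Publish
            Resource: !Ref FindingsTopic
            Condition:
              StringEquals: { "aws:SourceAccount": !Ref "AWS::AccountId" }

  # Matches only GuardDuty findings with severity 7.0 or higher (assumed threshold);
  # drop the "detail" block to be notified about every finding.
  FindingsRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: ["aws.guardduty"]
        detail-type: ["GuardDuty Finding"]
        detail:
          severity: [{ numeric: [">=", 7] }]
      Targets:
        - Id: NotifyAdmins
          Arn: !Ref FindingsTopic
```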