AWS Certified Solutions Architect – Associate (SAA-C03) — Question 1004

A company has deployed its newest product on AWS. The product runs in an Auto Scaling group behind a Network Load Balancer. The company stores the product’s objects in an Amazon S3 bucket.

The company recently experienced malicious attacks against its systems. The company needs a solution that continuously monitors for malicious activity in the AWS account, workloads, and access patterns to the S3 bucket. The solution must also report suspicious activity and display the information on a dashboard.

Which solution will meet these requirements?

Answer options

• A. Configure Amazon Macie to monitor and report findings to AWS Config.
• B. Configure Amazon Inspector to monitor and report findings to AWS CloudTrail.
• C. Configure Amazon GuardDuty to monitor and report findings to AWS Security Hub.
• D. Configure AWS Config to monitor and report findings to Amazon EventBridge.

Correct answer: C

Explanation

Amazon GuardDuty provides continuous threat detection by monitoring AWS accounts, workloads, and Amazon S3 access patterns for anomalous and malicious behavior. Integrating GuardDuty with AWS Security Hub allows these security findings to be aggregated and visualized on a single, centralized dashboard. Other options like Amazon Macie (sensitive data discovery) and Amazon Inspector (vulnerability scanning) do not offer comprehensive threat detection across all these areas, nor do AWS Config or CloudTrail serve as centralized security dashboards.