AWS Certified Solutions Architect – Associate (SAA-C03) — Question 692
An ecommerce company runs applications in AWS accounts that are part of an organization in AWS Organizations. The applications run on Amazon Aurora PostgreSQL databases across all the accounts. The company needs to prevent malicious activity and must identify abnormal failed and incomplete login attempts to the databases.
Which solution will meet these requirements in the MOST operationally efficient way?
Answer options
- A. Attach service control policies (SCPs) to the root of the organization to identify the failed login attempts.
- B. Enable the Amazon RDS Protection feature in Amazon GuardDuty for the member accounts of the organization.
- C. Publish the Aurora general logs to a log group in Amazon CloudWatch Logs. Export the log data to a central Amazon S3 bucket.
- D. Publish all the Aurora PostgreSQL database events in AWS CloudTrail to a central Amazon S3 bucket.
Correct answer: B
Explanation
Amazon GuardDuty RDS Protection is specifically designed to analyze Aurora login attempts and detect anomalous login behavior using machine learning, offering the most operationally efficient managed solution. In contrast, SCPs are policy boundaries and cannot analyze database logs, while manual log aggregation via CloudWatch or CloudTrail requires building and maintaining custom analysis tools to identify abnormal patterns.