AWS Certified Solutions Architect – Associate (SAA-C03) — Question 815
A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon RDS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behavior in its AWS environment. The company has already added AWS WAF to its architecture.
What should a solutions architect do next to protect against threats?
Answer options
- A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules.
- B. Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.
- C. Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
- D. Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
Correct answer: A
Explanation
Amazon GuardDuty continuously monitors AWS accounts and workloads for malicious activity and publishes findings to Amazon EventBridge, where a rule can filter them and invoke an AWS Lambda function that updates the AWS WAF rules automatically. AWS Firewall Manager is a policy management service for WAF, Shield and security groups rather than a threat detection service, so it produces no findings of this kind. Amazon Inspector performs vulnerability scanning of instances and container images, and Amazon Macie discovers sensitive data in Amazon S3; neither detects active threats nor integrates with WAF in the way the question requires, so options B, C and D do not meet the requirement.
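The following is an added illustration of the option A flow (GuardDuty finding, EventBridge rule, Lambda function, WAF IP set update); it is not code from the exam page or from AWS. It assumes the Lambda role may call wafv2:GetIPSet and wafv2:UpdateIPSet, that the IP set name and ID arrive via the environment variables IPSET_NAME and IPSET_ID, and that a block rule in the web ACL in front of the ALB already references that IP set. The finding event is constructed for the example; the only real-world structure relied on is the GuardDuty finding layout in EventBridge (source `aws.guardduty`, detail-type `GuardDuty Finding`, `detail.severity`, `detail.service.action`).

```python
"""GuardDuty -> EventBridge -> Lambda -> WAF IP set: added example, not the page's code.
Assumed: env vars IPSET_NAME / IPSET_ID, REGIONAL scope (ALB), role allowed to read and
update the IP set. The helpers are pure so they can be exercised without AWS access."""
import ipaddress
import os

# EventBridge event pattern for the rule whose target is this Lambda function.
# Only high-severity findings (>= 7) are auto-blocked; lower severities go to a human.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

# Ranges that must never be added to the block list even if a finding names them:
# the ALB, health checkers and internal hosts live here (RFC 1918, loopback, link-local).
_NEVER_BLOCK = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")
]


def matches_pattern(event):
    """Local re-implementation of EVENT_PATTERN so the filter can be tested offline."""
    detail = event.get("detail", {})
    return (
        event.get("source") in EVENT_PATTERN["source"]
        and event.get("detail-type") in EVENT_PATTERN["detail-type"]
        and float(detail.get("severity", 0)) >= 7
    )


def extract_remote_ip(finding):
    """Return the remote IPv4 address for inbound network findings, else None.
    Outbound connections and IAM/API findings are skipped: blocking those addresses in
    WAF would not stop the observed behaviour and could block legitimate peers."""
    action = finding.get("service", {}).get("action", {})
    net = action.get("networkConnectionAction")
    if net and net.get("connectionDirection") == "INBOUND":
        return net.get("remoteIpDetails", {}).get("ipAddressV4")
    probe = action.get("portProbeAction")
    if probe:
        for detail in probe.get("portProbeDetails", []):
            ip = detail.get("remoteIpDetails", {}).get("ipAddressV4")
            if ip:
                return ip
    return None


def build_addresses(current, ip):
    """Compute the new IP set address list, or None if nothing should change."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or any(addr in n for n in _NEVER_BLOCK):
        return None
    cidr = f"{addr}/32"
    if cidr in current:
        return None
    return sorted(set(current) | {cidr})


def handler(event, context=None):
    """Lambda entry point: filter the finding, then add the offending IP to the WAF IP set."""
    if not matches_pattern(event):
        return {"action": "ignored"}
    ip = extract_remote_ip(event.get("detail", {}))
    if ip is None:
        return {"action": "no-remote-ip"}
    import boto3  # imported here so the pure helpers above need no AWS SDK or credentials

    waf = boto3.client("wafv2")
    ipset_args = {"Name": os.environ["IPSET_NAME"], "Scope": "REGIONAL", "Id": os.environ["IPSET_ID"]}
    current = waf.get_ip_set(**ipset_args)
    addresses = build_addresses(current["IPSet"]["Addresses"], ip)
    if addresses is None:
        return {"action": "unchanged", "ip": ip}
    # LockToken implements optimistic locking: a concurrent update makes this call fail
    # instead of silently overwriting the other writer's address list.
    waf.update_ip_set(Addresses=addresses, LockToken=current["LockToken"], **ipset_args)
    return {"action": "blocked", "ip": ip}


# Constructed sample finding event (severity and IP are made up for the example).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8.0,
        "service": {
            "action": {
                "networkConnectionAction": {
                    "connectionDirection": "INBOUND",
                    "remoteIpDetails": {"ipAddressV4": "203.0.113.5"},
                }
            }
        },
    },
}

if __name__ == "__main__":
    print(matches_pattern(SAMPLE_EVENT), extract_remote_ip(SAMPLE_EVENT["detail"]))
    print(build_addresses([], "203.0.113.5"))
```

Keeping the severity threshold in the EventBridge pattern rather than only in the function means low-severity findings never invoke Lambda at all, and the `_NEVER_BLOCK` guard plus the inbound-only check are what keep an automated responder from locking out the load balancer or internal hosts on a mis-attributed finding.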