Question 1

A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized behavior, such as unusual API calls or compromised EC2 instances communicating with known command-and-control servers. Which service should be enabled?

Accepted Answer

Look for 'malicious activity', 'unauthorized behavior', and 'command-and-control'. These are key indicators for GuardDuty.

Question 2

What mistakes do candidates make on this AWS SAA-C03 question?

Accepted Answer

Choosing CloudTrail. While CloudTrail provides the logs, GuardDuty provides the actual threat detection analysis.

A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized behavior, such as unusual API calls or compromised EC2 instances communicating with known command-and-control servers. Which service should be enabled?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 7

More questions from this exam