Medium · 1 mark · Multiple Choice
Domain 3.2: Security Improvement · Security · GuardDuty · Security Hub

AWS SAP-C02 · Question 12 · Domain 3.2: Security Improvement

A security team needs to continuously monitor their AWS environment for malicious activity, unauthorized behavior, and compromised EC2 instances. They want a centralized view across multiple accounts. Which solution is MOST appropriate?

Answer options:

A. Enable AWS CloudTrail in all accounts and use Amazon Athena to query logs daily.

B. Enable Amazon GuardDuty in all accounts and aggregate findings into a delegated administrator account using AWS Security Hub.

C. Deploy third-party IDS/IPS agents on all EC2 instances.

D. Use Amazon Macie to scan all EBS volumes for malicious files.

How to approach this question

Identify the native threat detection service and the centralization service.

Full Answer

B. Enable Amazon GuardDuty in all accounts and aggregate findings into a delegated administrator account using AWS Security Hub. ✓ Correct
GuardDuty is the primary threat detection service in AWS. Security Hub aggregates alerts from GuardDuty across multiple accounts.

Common mistakes

Confusing Macie's use case with GuardDuty's.
