
ANS-C01 · Question #62

ANS-C01 Question #62: Real Exam Question with Answer & Explanation

The correct answer is A: Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow.

Submitted by tarun92 · Mar 6, 2026

Question

A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application. The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware. Which solution will meet this requirement with the LEAST operational effort?

Options

  • A. Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow
  • B. Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the
  • C. Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS
  • D. Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.

Explanation

Option A uses Amazon GuardDuty to monitor network traffic and analyze DNS requests and VPC flow logs for suspicious activity. Monitoring the network traffic patterns associated with the instance lets the company identify when an application is spreading malware. GuardDuty is a fully managed threat detection service that continuously monitors for malicious activity and unauthorized behavior in your AWS accounts and workloads. It requires minimal setup and configuration and can be integrated with other AWS services for automated remediation. Of the options listed, this one requires the least operational effort.

Topics

#Amazon GuardDuty #Threat Detection #Network Monitoring #VPC Flow Logs
