CLF-C02 Question #172: Real Exam Question with Answer & Explanation
The correct answer is C: Amazon GuardDuty.
Question
A company needs a threat detection service that will continuously monitor its AWS accounts, workloads, and Amazon S3 buckets for malicious activity and unauthorized behavior. Which AWS service meets these requirements?
Options
- A. AWS Shield
- B. AWS Firewall Manager
- C. Amazon GuardDuty
- D. Amazon Inspector
Explanation
Amazon GuardDuty is a managed threat detection service that continuously monitors AWS accounts, workloads, and S3 buckets by analyzing data sources like AWS CloudTrail logs, VPC Flow Logs, and DNS logs to identify malicious activity and unauthorized behavior, which matches the requirements.
Why the distractors are wrong:
- AWS Shield (A) is a DDoS protection service, not a broad threat detection tool
- AWS Firewall Manager (B) is used to centrally manage firewall rules and security policies across accounts, not to detect threats
- Amazon Inspector (D) performs automated vulnerability assessments on EC2 instances and container images, focusing on software vulnerabilities rather than continuous behavioral threat detection
Memory Tip: Think of GuardDuty as your always-on security guard 🔒 - it guards your AWS environment 24/7, watching for suspicious behavior, just like a security guard monitors a building. If a question mentions continuous monitoring + threat detection + malicious activity, GuardDuty is almost always the answer.