SCS-C02 · Question #238
SCS-C02 Question #238: Real Exam Question with Answer & Explanation
The correct answer is B: Enable VPC flow logs for the VPC where the affected EC2 instances are located Configure the. VPC Flow Logs provide a simple way to capture network traffic information for a VPC, including details on rejected traffic. By enabling flow logs, you can filter for REJECT records on TCP port 2905, which will help identify the EC2 instances trying to communicate with the command
Question
A security engineer is investigating a malware infection that has spread across a set of Amazon EC2 instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and control hosts on the internet. The security engineer creates a network ACL rule that denies the identified outbound traffic. The security engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify any EC2 instances that are trying to communtcate on TCP port 2905. Which solution will identify the affected EC2 instances with the LEAST operational effort?
Options
- ACreate a Network Access Scope in Amazon VPC Network Access Analyzer. Use the Network
- BEnable VPC flow logs for the VPC where the affected EC2 instances are located Configure the
- CEnable Amazon GuardDuty Create a custom GuardDuty IP list to create a finding when an EC2
- DCreate a firewall in AWS Network Firewall. Attach the firewall to the subnet of the EC2 instances.
Explanation
VPC Flow Logs provide a simple way to capture network traffic information for a VPC, including details on rejected traffic. By enabling flow logs, you can filter for REJECT records on TCP port 2905, which will help identify the EC2 instances trying to communicate with the command and This requires minimal setup and effort, making it an efficient solution.
Community Discussion
No community discussion yet for this question.