
SCS-C02 · Question #281

SCS-C02 Question #281: Real Exam Question with Answer & Explanation

The correct answer is D: Use the aws guardduty get-members AWS CLI command in the security account to see if the. Since AWS Organizations is used, the GuardDuty account in the security account is the "administrative" instance. Member accounts can be invited to join the administrative account to combine findings.

Submitted by paula_co · Mar 6, 2026

Question

A company is using AWS Organizations to manage multiple AWS member accounts. All of these accounts have Amazon GuardDuty enabled in all Regions. The company's AWS Security Operations Center has a centralized security account for logging and monitoring. One of the member accounts has received an excessively high bill. A security engineer discovers that a compromised Amazon EC2 instance is being used to mine cryptocurrency. The Security Operations Center did not receive a GuardDuty finding in the central security account, but there was a GuardDuty finding in the account containing the compromised EC2 instance. The security engineer needs to ensure all GuardDuty findings are available in the security account. What should the security engineer do to resolve this issue?

Options

  • A. Set up an Amazon CloudWatch Event rule to forward all GuardDuty findings to the security
  • B. Set up an Amazon CloudWatch Events rule to forward all GuardDuty findings to the security
  • C. Check that GuardDuty in the security account is able to assume a role in the compromised
  • D. Use the aws guardduty get-members AWS CLI command in the security account to see if the

Explanation

Since AWS Organizations is used, the GuardDuty account in the security account is the "administrative" instance. Member accounts can be invited to join the administrative account to combine findings.
