SCS-C03 Question #121: Real Exam Question with Answer & Explanation
The correct answer is A: Use Amazon Detective to perform an investigation on the IAM role.
Question
A company runs workloads in an AWS account. A security engineer observes some unusual findings in Amazon GuardDuty. The security engineer wants to investigate a specific IAM role and generate an investigation report. The report must contain details about anomalous behavior and any indicators of compromise. Which solution will meet these requirements?
Options
- A. Use Amazon Detective to perform an investigation on the IAM role.
- B. Use AWS Audit Manager to create an assessment. Specify the IAM role. Run an assessment.
- C. Use Amazon Inspector to create an assessment. Specify the IAM role. Run an assessment.
- D. Use Amazon Inspector to run an on-demand scan of the IAM role.
Explanation
Amazon Detective is a purpose-built AWS service designed to analyze, investigate, and visualize security data to help identify the root cause of suspicious or malicious activity. According to the AWS Certified Security - Specialty Official Study Guide, Amazon Detective directly integrates with Amazon GuardDuty findings, AWS CloudTrail logs, Amazon VPC Flow Logs, and Amazon EKS audit logs to automatically create behavior graphs and timelines. When GuardDuty generates findings related to anomalous activity, Amazon Detective enables security engineers to pivot directly to an investigation focused on a specific IAM role, user, or resource. Detective automatically correlates historical activity, identifies deviations from baseline behavior, and highlights indicators of compromise, such as unusual API calls, credential misuse, or suspicious network activity.