SCS-C03 · Question #135
SCS-C03 Question #135: Real Exam Question with Answer & Explanation
The correct answer is A: Use Amazon Detective to run investigations on the IAM roles and to visualize the findings.. Amazon Detective is a managed service designed specifically to investigate and analyze security findings by automatically correlating data from Amazon GuardDuty, AWS CloudTrail, and VPC Flow Logs. According to the AWS Certified Security - Specialty Official Study Guide, Detective
Question
A company needs the ability to identify the root cause of security findings in an AWS account. The company has enabled VPC Flow Logs, Amazon GuardDuty, and AWS CloudTrail. The company must investigate any IAM roles that are involved in the security findings and must visualize the findings. Which solution will meet these requirements?
Options
- AUse Amazon Detective to run investigations on the IAM roles and to visualize the findings.
- BUse Amazon Inspector to run investigations on the IAM roles and visualize the findings.
- CExport GuardDuty findings to Amazon S3 and analyze them with Amazon Athena.
- DEnable AWS Security Hub and use custom actions to investigate IAM roles.
Explanation
Amazon Detective is a managed service designed specifically to investigate and analyze security findings by automatically correlating data from Amazon GuardDuty, AWS CloudTrail, and VPC Flow Logs. According to the AWS Certified Security - Specialty Official Study Guide, Detective enables security teams to identify root causes, anomalous behavior, and indicators of compromise through interactive visualizations. Amazon Detective allows investigators to pivot directly to IAM roles, users, and resources that are involved in GuardDuty findings. Detective builds behavior graphs and timelines that show API activity, network traffic, and historical context, making it easier to understand how and why a security incident occurred.
Community Discussion
No community discussion yet for this question.