
In a multi-tenant VPC environment, a company has set up Amazon GuardDuty and forwards all its findings to AWS Security Hub. Due to a surge in findings from suspicious sources, a DevOps engineer is tasked with implementing a solution to automatically block traffic across the entire VPC upon detection of a new suspicious source by GuardDuty. Which of the following solutions would effectively address this requirement?
A. Create a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
B. Configure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
C. Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
D. Create an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Explanation:
The correct answer is C: Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty. AWS Network Firewall sits in the VPC traffic path, handles high volumes of traffic, and can drop traffic from suspicious sources based on rules it is given, so a Lambda function that adds a Drop rule whenever a new GuardDuty finding arrives in Security Hub blocks each newly identified source across the whole VPC as soon as it is reported. The other options do not meet the requirement: a GuardDuty threat list only changes what GuardDuty detects, a WAF web ACL only filters HTTP(S) requests to the resources it is attached to, and a suppression rule merely hides findings without blocking any traffic.
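As an added example (not part of the original question and not an AWS sample), a minimal Python Lambda handler for option C: it pulls the remote IP out of the GuardDuty findings carried by the Security Hub EventBridge event and appends `aws:drop` stateless rules, in both directions, to the rule group that the firewall policy references. The flattened ProductFields key, the rule group ARN and the sample finding are assumptions or constructed values.

```python
import ipaddress

# Assumption: GuardDuty's ASFF ProductFields carry the remote IP under this flattened key.
REMOTE_IP_KEY = "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/ipAddressV4"

# Constructed sample EventBridge event ("Security Hub Findings - Imported"); values are made up.
SAMPLE_EVENT = {"detail-type": "Security Hub Findings - Imported", "detail": {"findings": [{
    "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
    "Types": ["TTPs/Command and Control/Backdoor:EC2-C&CActivity.B"],
    "ProductFields": {REMOTE_IP_KEY: "203.0.113.7"}}]}}

def suspicious_ips(event):
    """Return the remote IPv4 addresses named by the GuardDuty findings in one event."""
    ips = set()
    for finding in event.get("detail", {}).get("findings", []):
        if "product/aws/guardduty" not in finding.get("ProductArn", ""):
            continue  # ignore findings from other Security Hub products
        ip = finding.get("ProductFields", {}).get(REMOTE_IP_KEY)
        if ip:
            ips.add(str(ipaddress.ip_address(ip)))  # rejects malformed addresses
    return sorted(ips)

def add_drop_rules(rules, ip):
    """Return a copy of the stateless rule list with aws:drop rules for ip/32 in both
    directions appended; unchanged if the address is already covered."""
    cidr = f"{ip}/32"
    for rule in rules:
        attrs = rule["RuleDefinition"]["MatchAttributes"]
        if any(a["AddressDefinition"] == cidr
               for key in ("Sources", "Destinations") for a in attrs.get(key, [])):
            return rules
    prio = max((r["Priority"] for r in rules), default=0)  # priorities must be unique
    new_rules = list(rules)
    for key in ("Sources", "Destinations"):
        prio += 1
        new_rules.append({"Priority": prio, "RuleDefinition": {
            "MatchAttributes": {key: [{"AddressDefinition": cidr}]}, "Actions": ["aws:drop"]}})
    return new_rules

def lambda_handler(event, context, rule_group_arn="arn:aws:network-firewall:REGION:ACCOUNT:stateless-rulegroup/PLACEHOLDER"):
    """Read-modify-write the stateless rule group that the firewall policy references."""
    import boto3  # imported here so the pure helpers above run without AWS credentials
    nfw = boto3.client("network-firewall")
    current = nfw.describe_rule_group(RuleGroupArn=rule_group_arn, Type="STATELESS")
    source = current["RuleGroup"]["RulesSource"]["StatelessRulesAndCustomActions"]
    for ip in suspicious_ips(event):
        source["StatelessRules"] = add_drop_rules(source["StatelessRules"], ip)
    # UpdateToken makes the write optimistic: it fails if someone changed the group meanwhile.
    return nfw.update_rule_group(UpdateToken=current["UpdateToken"], RuleGroupArn=rule_group_arn,
                                 RuleGroup=current["RuleGroup"])
```

A stateless rule group's capacity is fixed when it is created, so a handler like this needs a companion process that expires old entries, or the update will eventually be rejected.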