
Answer-first summary for fast verification
Answer: Activate Amazon GuardDuty across all AWS Regions. Create an Amazon Simple Notification Service (Amazon SNS) topic and an Amazon EventBridge rule that publishes findings to the SNS topic.
To detect and respond to suspicious activity across VPC-hosted resources in multiple AWS Regions, activating Amazon GuardDuty (option B) is essential. GuardDuty continuously monitors for malicious activity and unauthorized behavior by analyzing data from AWS CloudTrail, VPC Flow Logs, and DNS logs, so turning on VPC Flow Logs separately (option A) is not needed. Creating an Amazon SNS topic and an Amazon EventBridge rule that publishes findings to it (option D) ensures that the relevant stakeholders are notified and can act promptly on the findings GuardDuty detects. This combination provides maximum visibility and response capabilities in a cost-effective manner.
Author: LeetQuiz Editorial Team
A security engineer at a company is tasked with creating an incident response plan to detect and respond to suspicious activities within VPC-hosted resources across multiple AWS Regions. To achieve this effectively and cost-efficiently, which two actions should the engineer implement?
A. Turn on VPC Flow Logs for all VPCs in the account.
B. Activate Amazon GuardDuty across all AWS Regions.
C. Activate Amazon Detective across all AWS Regions.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic and an Amazon EventBridge rule that publishes findings to the SNS topic.
E. Create an AWS Lambda function and an Amazon EventBridge rule that invokes the Lambda function to send findings via Amazon Simple Email Service (Amazon SES).