
Answer-first summary for fast verification
Answer: Activate Amazon GuardDuty in each production account, aggregate all GuardDuty logs in a dedicated logging account, and use Amazon EventBridge to invoke a custom AWS Lambda function from GuardDuty findings for remediation. The Lambda function should be configured to publish notifications to the SNS topic.
The correct answer is C. Amazon GuardDuty is the service designed to monitor for malicious activity and unauthorized behavior to protect AWS accounts and workloads. By activating GuardDuty in each production account and aggregating all GuardDuty logs in a dedicated logging account, suspicious activities can be monitored effectively. Amazon EventBridge is then used to trigger a custom AWS Lambda function from GuardDuty findings for automatic remediation. Additionally, the Lambda function can be configured to publish notifications to an Amazon SNS topic for critical security findings, fulfilling the requirements to automate remediation and notification.
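The EventBridge-to-Lambda-to-SNS path described above, as an added example that is not part of the original question or any AWS sample: a handler that receives a GuardDuty finding from an EventBridge rule, selects a remediation playbook, and publishes critical findings to SNS. The playbook names, the 7.0 severity threshold, the `SNS_TOPIC_ARN` environment variable and the sample event are assumptions; the remediation calls themselves are left to the selected playbook.

```python
import json
import os

# EventBridge rule pattern that selects GuardDuty findings as the Lambda trigger.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

CRITICAL_SEVERITY = 7.0  # assumption: GuardDuty severity 7.0+ is treated as critical

# Hypothetical playbook names, keyed by the finding's resource.resourceType.
PLAYBOOKS = {"Instance": "isolate-instance", "AccessKey": "deactivate-access-key"}

# Constructed sample event, trimmed to the fields used below.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id",
        "accountId": "111122223333",
        "region": "us-east-1",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8.0,
        "resource": {"resourceType": "Instance"},
    },
}


def handle_finding(event, sns, topic_arn):
    """Pick a remediation playbook and notify SNS for critical findings."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"handled": False, "action": None, "notified": False}
    detail = event.get("detail", {})
    resource_type = detail.get("resource", {}).get("resourceType")
    action = PLAYBOOKS.get(resource_type, "manual-review")  # unknown types go to a human
    notified = float(detail.get("severity", 0)) >= CRITICAL_SEVERITY
    if notified:
        summary = {k: detail.get(k) for k in ("id", "accountId", "region", "type", "severity")}
        summary["action"] = action
        sns.publish(
            TopicArn=topic_arn,
            Subject=f"GuardDuty: {detail.get('type', 'finding')}"[:100],  # SNS subject limit
            Message=json.dumps(summary),
        )
    return {"handled": True, "action": action, "notified": notified}


def lambda_handler(event, context):
    """Lambda entry point; SNS_TOPIC_ARN is an assumed environment variable."""
    import boto3  # imported here so handle_finding can be exercised without AWS access

    return handle_finding(event, boto3.client("sns"), os.environ["SNS_TOPIC_ARN"])
```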
Author: LeetQuiz Editorial Team
A company utilizing AWS Organizations manages production workloads across multiple AWS accounts. A security engineer is tasked with designing a comprehensive solution to proactively monitor for any suspicious activities within these production accounts. The solution must not only automate the remediation of identified incidents but also ensure that critical security findings trigger notifications via an Amazon Simple Notification Service (Amazon SNS) topic. Additionally, all security incident logs should be centralized in a dedicated logging account. Which of the following solutions meets all these requirements?
A
Activate Amazon GuardDuty in each production account, aggregate all GuardDuty logs in a dedicated logging account, and configure GuardDuty to invoke an AWS Lambda function directly for remediation. The Lambda function should also be set up to publish notifications to the SNS topic.
B
Activate AWS Security Hub in each production account, aggregate all Security Hub findings in a dedicated logging account, and use AWS Config and AWS Systems Manager for remediation. Systems Manager should be configured to publish notifications to the SNS topic.
C
Activate Amazon GuardDuty in each production account, aggregate all GuardDuty logs in a dedicated logging account, and use Amazon EventBridge to invoke a custom AWS Lambda function from GuardDuty findings for remediation. The Lambda function should be configured to publish notifications to the SNS topic.
D
Activate AWS Security Hub in each production account, aggregate all Security Hub findings in a dedicated logging account, and use Amazon EventBridge to invoke a custom AWS Lambda function from Security Hub findings for remediation. The Lambda function should be configured to publish notifications to the SNS topic.