Answer-first summary for fast verification
Answer: Use AWS Config to track changes to your AWS resources and correlate them with findings from GuardDuty and Security Hub.
Option B is the correct answer. AWS Config can be used to track changes to your AWS resources, which can help you correlate these changes with findings from security services like GuardDuty and Security Hub. This can provide valuable insights into potential security threats and help you take appropriate action. Option A is not practical, as manually reviewing logs can be time-consuming and may not provide a comprehensive view of the security landscape. Option C is not recommended, as disabling all AWS services can disrupt your business operations and may not necessarily prevent further unauthorized access. Option D is not advisable, as relying solely on your internal security team may not be sufficient to identify and mitigate all potential threats.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization has recently experienced a series of security incidents, and you suspect that an attacker may have gained unauthorized access to your AWS environment. You have been tasked with using AWS services to detect and analyze these security threats. Which of the following steps should you take to effectively evaluate the findings from security services such as GuardDuty, Security Hub, and Macie?
A
Enable logging for all AWS services and review the logs manually to identify any suspicious activity.
B
Use AWS Config to track changes to your AWS resources and correlate them with findings from GuardDuty and Security Hub.
C
Disable all AWS services to prevent further unauthorized access and then perform a full audit of your environment.
D
Ignore the findings from security services and rely solely on your internal security team to identify and mitigate any threats.