Topic 1 Question 137
A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.
Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.
Which solution will meet these requirements?
A. Create a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
B. Configure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
C. Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
D. Create an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Comments (6)
- 👍 8 traveller37 2023/09/01
- Selected answer: C
C is correct. Only Network Firewall can block traffic at VPC level.
A only updates the list, no blocking action. B - WAF and Web ACL can block only HTTPS traffic for an API/VPC endpoint/CloudFront distribution, not for the entire VPC.
- 👍 5 RVivek 2023/09/22
- Selected answer: C
Here's the rationale for choosing this option:
AWS Network Firewall: AWS Network Firewall is designed to provide centralized network traffic inspection and filtering. It's a suitable choice for implementing network-level controls.
Lambda Function for Automation: Creating a Lambda function to trigger the creation of a Drop action rule in the firewall policy allows for automated response based on Security Hub findings. This enables you to take immediate action when suspicious sources are detected.
Specific Action (Drop): The Drop action rule is effective for denying traffic from suspicious sources, effectively controlling access and preventing unwanted traffic.
This approach aligns well with the requirement to automatically deny traffic when GuardDuty identifies a new suspicious source, enhancing security in the multi-tenant VPC environment.
- 👍 3 Dushank 2023/09/23
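An added example (not part of the original question or its comments) of the Lambda logic option C describes: it reads the Security Hub event, validates the remote address GuardDuty reported, and appends a Suricata drop rule to a Network Firewall stateful rule group. Assumptions: a Suricata-format rule group named `guardduty-blocklist` that the firewall policy already references, a VPC CIDR of 10.0.0.0/16, and a remote address carried in `ProductFields` under a key ending in `remoteIpDetails/ipAddressV4`; the sample event is constructed.

```python
import ipaddress
import re

RULE_GROUP = "guardduty-blocklist"               # hypothetical rule group referenced by the firewall policy
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # assumed VPC range; never block tenant addresses
SID_BASE = 1000000                               # assumed sid range reserved for this automation

# Constructed sample of the EventBridge event Security Hub emits for an imported finding.
SAMPLE_EVENT = {"detail": {"findings": [{
    "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
    "ProductFields": {"aws/guardduty/service/action/networkConnectionAction/"
                      "remoteIpDetails/ipAddressV4": "198.51.100.7"}}]}}

def suspicious_ips(event):
    """Remote IPv4 addresses from GuardDuty findings, validated and outside the VPC."""
    ips = set()
    for finding in event.get("detail", {}).get("findings", []):
        if not finding.get("ProductArn", "").endswith("/aws/guardduty"):
            continue  # ignore findings from other Security Hub products
        for key, value in finding.get("ProductFields", {}).items():
            if key.endswith("remoteIpDetails/ipAddressV4"):
                try:
                    ip = ipaddress.ip_address(value)  # rejects text that could inject rule syntax
                except ValueError:
                    continue
                if ip not in VPC_CIDR:
                    ips.add(str(ip))
    return sorted(ips)

def add_drop_rules(rules, ips):
    """Append one Suricata drop rule per IP that is not already in the rules string."""
    lines = [line for line in rules.splitlines() if line.strip()]
    next_sid = max([int(s) for s in re.findall(r"sid:\s*(\d+)", rules)] + [SID_BASE]) + 1
    for ip in ips:
        if not any(line.startswith(f"drop ip {ip} ") for line in lines):
            lines.append(f'drop ip {ip} any -> any any (msg:"GuardDuty source {ip}"; sid:{next_sid}; rev:1;)')
            next_sid += 1
    return "\n".join(lines)

def lambda_handler(event, context):
    import boto3  # imported here so the functions above run without the AWS SDK
    ips = suspicious_ips(event)
    if ips:
        nfw = boto3.client("network-firewall")
        current = nfw.describe_rule_group(RuleGroupName=RULE_GROUP, Type="STATEFUL")
        source = current["RuleGroup"]["RulesSource"]
        source["RulesString"] = add_drop_rules(source.get("RulesString", ""), ips)
        nfw.update_rule_group(UpdateToken=current["UpdateToken"], RuleGroupName=RULE_GROUP, Type="STATEFUL", RuleGroup=current["RuleGroup"])
    return {"added": ips}
```

The `UpdateToken` from `describe_rule_group` makes the update fail instead of overwriting when two invocations race, so the function's retry path should re-read the rule group before trying again.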