Topic 1 Question 161
A company hired a penetration tester to simulate an internal security breach. The tester performed port scans on the company's Amazon EC2 instances. The company's security measures did not detect the port scans.
The company needs a solution that automatically provides notification when port scans are performed on EC2 instances. The company creates and subscribes to an Amazon Simple Notification Service (Amazon SNS) topic.
What should the company do next to meet the requirement?
A. Ensure that Amazon GuardDuty is enabled. Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.
B. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected network reachability findings that indicate port scans. Connect the event to the SNS topic.
C. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic.
D. Ensure that AWS CloudTrail is enabled. Create an AWS Lambda function to analyze the CloudTrail logs for unusual amounts of traffic from an IP address range. Connect the Lambda function to the SNS topic.
Comments (5)
- Selected answer: A
Inspector is designed to find vulnerabilities across EC2 servers and detect open ports. It doesn't detect port scans against EC2 servers. The reachability analyzer mentioned below is the port scanner itself. It doesn't detect other port scanners.
GuardDuty, on the other hand, draws upon traffic logs to find suspicious activities such as port scans, in the form of a finding.
👍 3 · d262e67 · 2023/12/31

- Selected answer: B
It's B - here is a reference for the network reachability package:
👍 1 · csG13 · 2023/12/29

- Selected answer: A
GuardDuty should be the answer, as it best detects whether a port scan has happened on EC2 instances; we don't care about whether the port is open or not, we care if it was scanned.
👍 1 · kabary · 2023/12/31
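The GuardDuty route the thread settles on (option A), written out as an added example that is not from the page or any of its commenters. GuardDuty publishes every finding to the default EventBridge bus (EventBridge is the renamed CloudWatch Events, which is what option A's "alarm" wiring amounts to in practice); a rule whose pattern matches the `Recon:EC2/Portscan` finding type forwards just those findings to the SNS topic. The account id, topic ARN, rule name and the sample finding events below are constructed placeholders, and the small matcher implements only the subset of EventBridge pattern syntax that this rule uses, so the routing can be exercised offline:

```python
"""Forward GuardDuty EC2 port-scan findings to an SNS topic via an EventBridge rule.

Added example: constructed placeholders throughout, not the page's own code.
"""
import json

# Hypothetical values (placeholders, not from the page).
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:portscan-alerts"
RULE_NAME = "guardduty-ec2-portscan-to-sns"

# EventBridge event pattern. GuardDuty findings arrive with source
# "aws.guardduty" and detail-type "GuardDuty Finding"; "Recon:EC2/Portscan"
# is the finding type GuardDuty raises when an EC2 instance is port-scanned.
PORTSCAN_EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["Recon:EC2/Portscan"]},
}


def matches_pattern(event, pattern):
    """Minimal EventBridge-style matcher.

    Every key in the pattern must exist in the event; a list means "the event
    value must equal one of these", a dict recurses into a nested object.
    Only this subset of EventBridge pattern syntax is implemented.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(actual, expected):
                return False
        elif isinstance(expected, list):
            if actual not in expected:
                return False
        else:
            raise ValueError(f"unsupported pattern element under {key!r}")
    return True


def build_rule_requests(rule_name, topic_arn, pattern):
    """Return the request bodies for events.put_rule and events.put_targets.

    These are the same dicts one would pass to boto3's EventBridge client;
    returning them keeps the example runnable without AWS credentials.
    """
    put_rule = {
        "Name": rule_name,
        "EventPattern": json.dumps(pattern),
        "State": "ENABLED",
        "Description": "Notify on GuardDuty EC2 port-scan findings",
    }
    put_targets = {
        "Rule": rule_name,
        "Targets": [{"Id": "sns-portscan-alerts", "Arn": topic_arn}],
    }
    return put_rule, put_targets


def route_finding(event):
    """Return the SNS message text for a matching finding, or None if the rule
    would not fire. Mirrors what the subscriber actually receives."""
    if not matches_pattern(event, PORTSCAN_EVENT_PATTERN):
        return None
    detail = event["detail"]
    instance_id = detail["resource"]["instanceDetails"]["instanceId"]
    return f"GuardDuty {detail['type']} on {instance_id} (severity {detail['severity']})"


# Constructed sample events in the shape GuardDuty puts on the event bus.
PORTSCAN_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Recon:EC2/Portscan",
        "severity": 2,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}
# A different GuardDuty finding type: same source, must NOT trigger the rule.
SSH_BRUTE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}

if __name__ == "__main__":
    rule, targets = build_rule_requests(RULE_NAME, SNS_TOPIC_ARN, PORTSCAN_EVENT_PATTERN)
    print(json.dumps(rule, indent=2))
    print(json.dumps(targets, indent=2))
    for ev in (PORTSCAN_EVENT, SSH_BRUTE_EVENT):
        print(ev["detail"]["type"], "->", route_finding(ev))
```

Deploying the two request bodies with `boto3.client("events").put_rule(**rule)` and `put_targets(**targets)` is the only part that needs credentials. Two practical caveats: the SNS topic's resource policy must allow `events.amazonaws.com` to `sns:Publish`, or the rule fires and nothing arrives; and both GuardDuty and the rule are regional, so the pair must exist in every region that hosts EC2 instances, which is also why the tester's scans went unnoticed if GuardDuty was simply not enabled there.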