Question 307:
You just joined an IT security team in a large financial company. Your company is a heavy user of AWS and owns a large number of AWS resources including EC2, S3, RDS, etc. In order to monitor the services from a security perspective, your team is required to create a continuous monitoring service in AWS. For example, the service should be able to identify potential risks if an EC2 instance is compromised and is used to perform a Denial of Service (DoS) attack using the UDP protocol. Which approach should you take?
Answer options:
A. Use AWS GuardDuty to continuously monitor AWS services. GuardDuty can detect security issues and generate findings in the console or through Amazon CloudWatch events.
B. Enable AWS Macie to continuously scan for AWS security risks in resources such as EC2. It can identify potential issues and provide alarms, such as if an EC2 instance is compromised.
C. Enable the AWS Enterprise support plan and activate the full features of Trusted Advisor, which can quickly provide alarms for security-related issues.
D. Activate VPC Flow Logs, AWS CloudTrail event logs, and DNS logs and transfer the logs to a dedicated S3 bucket. Configure Athena to query the logs to identify potential security problems.