【評判】Practice Exams | AWS Certified Security – Specialty

Preparing for AWS Certified Security Specialty SCS-C02? This is THE practice exams course to give you the winning edge.

These practice exams have been co-authored by Stephane Maarek and Abhishek Singh who bring their collective experience of passing 20 AWS Certifications to the table.

The tone and tenor of the questions mimic the real exam. Along with the detailed description and “exam alert” provided within the explanations, we have also extensively referenced AWS documentation to get you up to speed on all domain areas being tested for the SCS-C02 exam.

We want you to think of this course as the final pit-stop so that you can cross the winning line with absolute confidence and get AWS Certified! Trust our process, you are in good hands.

All questions have been written from scratch! And more questions are being added over time!

Quality speaks for itself

SAMPLE QUESTION:

A mid-sized company recently deployed Amazon GuardDuty to monitor their AWS environment for potential security threats. The security team noticed a high number of RDP brute force attacks originating from an Amazon EC2 instance and decided to take action to prevent any issues. The company's security engineer was tasked with implementing an automated solution that could block the suspicious instance until the issue could be investigated and remediated.

Which of the following solutions should the security engineer implement?

1. Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure Kinesis Data Analytics to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules

2. Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the WAF web ACL

3. Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the network ACL rules

4. Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure a Lambda function to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules

What's your guess? Scroll below for the answer.

Correct: 4.

Explanation:

Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure a Lambda function to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules files

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.

Security Hub collects security data from across AWS accounts, services (such as GuardDuty), and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.

How Security Hub works:

Reference Image

via - Reference Link

Leveraging Amazon EventBridge's integration with Security Hub, you can automate your AWS services to respond automatically to system events such as application availability issues or resource changes. Events from AWS services are delivered to EventBridge in near-real time and on a guaranteed basis. You can write simple rules to indicate which events you are interested in and what automated actions to take when an event matches a rule. The actions that can be automatically triggered include the following:

Invoking an AWS Lambda function

Invoking the Amazon EC2 run command

Relaying the event to Amazon Kinesis Data Streams

Activating an AWS Step Functions state machine

Notifying an Amazon SNS topic or an Amazon SQS queue

Sending a finding to a third-party ticketing, chat, SIEM, or incident response and management tool

For the given use case, you can process the Security Hub events in Kinesis Data Streams by using a Lambda function that monitors any UnauthorizedAccess:EC2/RDPBruteForce finding from GuardDuty that is relayed via Security Hub. This finding informs you that an EC2 instance in your AWS environment was involved in a brute force attack aimed at obtaining passwords to RDP services on Windows-based systems. This can indicate unauthorized access to your AWS resources. When the Lambda function sees a matching finding, it can block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules.

Incorrect options:

Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the WAF web ACL - WAF web ACL can only be applied to the following resource types: CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AWS AppSync GraphQL API and Amazon Cognito user pool. You can use AWS WAF to control how your protected resources respond to HTTP(S) web requests. The given use case is about RDP brute force attacks originating from an EC2 instance, so using WAF web ACL is not relevant, as it cannot monitor traffic originating from an EC2 instance.

Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the network ACL rules - Using Network ACL rules would impact all instances in a subnet. It will not isolate the traffic only for the suspicious instance. Hence this option is incorrect.

Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure Kinesis Data Analytics to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules - Amazon Kinesis Data Analytics can be used to transform and analyze streaming data in real-time with Apache Flink. Apache Flink is an open-source framework and engine for processing data streams. Kinesis Data Analytics reduces the complexity of building, managing, and integrating Apache Flink applications with other AWS services. This option has been added as a distractor as Kinesis Data Analytics cannot be used to update the security groups for an instance.

with reference links

Instructor

My name is Stéphane Maarek, I am passionate about Cloud Computing, and I will be your instructor in this course. I teach about AWS certifications, focusing on helping my students improve their professional proficiencies in AWS.

I have already taught 1,500,000+ students and gotten 500,000+ reviews throughout my career in designing and delivering these certifications and courses!

I'm delighted to welcome Abhishek Singh as my co-instructor for these practice exams!

Welcome to the best practice exams to help you prepare for your AWS Certified Security Specialty exam.

• You can retake the exams as many times as you want

• This is a huge original question bank

• You get support from instructors if you have questions

• Each question has a detailed explanation

• Mobile-compatible with the Udemy app

• 30-days money-back guarantee if you're not satisfied

We hope that by now you're convinced!. And there are a lot more questions inside the course.

Happy learning and best of luck for your AWS Certified Security Specialty SCS-C02 exam!