AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A financial services company operates a large number of applications across a multi-account AWS Organization. The security team needs a comprehensive, centrally managed security solution. The solution must provide proactive and intelligent threat detection for workloads and data, including identifying unusual API activity or potential instance compromises. It must also offer protection for public-facing web applications against common web exploits and DDoS attacks. A key requirement is to aggregate security findings from all accounts and services into a single, designated security tooling account for unified visibility, posture management, and prioritized remediation. Which combination of AWS services should a solutions architect recommend to meet all these requirements most effectively?
Implement Amazon GuardDuty for threat detection, AWS WAF for web application protection, AWS Shield Advanced for DDoS mitigation, and AWS Security Hub for centralized findings management.
Use AWS Config with conformance packs to enforce security best practices and Amazon Macie to discover and protect sensitive data in Amazon S3.
Deploy AWS Network Firewall in each VPC, use VPC Flow Logs for traffic analysis, and stream logs to a central Amazon S3 bucket for manual review.
Enable Amazon Inspector in all accounts to scan for vulnerabilities, and use AWS Systems Manager Patch Manager to automate patching.
The correct answer proposes a combination of AWS Security Hub, Amazon GuardDuty, AWS WAF, and AWS Shield Advanced. This solution is the most comprehensive for the described scenario. Amazon GuardDuty provides intelligent threat detection by monitoring for malicious activity and unauthorized behavior. AWS WAF protects web applications from common exploits like SQL injection and cross-site scripting. AWS Shield Advanced offers enhanced protection against sophisticated DDoS attacks. Finally, AWS Security Hub aggregates, organizes, and prioritizes security findings from GuardDuty, WAF, and other services across all accounts in an AWS Organization, providing a centralized view for posture management. This combination directly addresses all requirements: intelligent threat detection (GuardDuty), web application protection (WAF, Shield), and centralized findings aggregation (Security Hub).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon GuardDuty and how does it provide threat detection?
Open an interactive chat with Bash
How do AWS WAF and AWS Shield Advanced protect against web exploits and DDoS attacks?
Open an interactive chat with Bash
What is AWS Security Hub, and how does it centralize findings across accounts?
Open an interactive chat with Bash
AWS Certified Solutions Architect Professional SAP-C02
Design for New Solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access