Which AWS service is primarily used to detect unusual or malicious activity across accounts?

Sharpen your skills for the AWS Certified Solutions Architect Professional Exam. Dive into flashcards and multiple choice questions, each with detailed explanations and hints. Perfect your knowledge and get ready to ace the AWS exam!

Multiple Choice

Which AWS service is primarily used to detect unusual or malicious activity across accounts?

Explanation:
GuardDuty monitors and detects unusual or malicious activity across AWS accounts by continuously analyzing data from multiple sources, including VPC Flow Logs, CloudTrail events, and DNS logs. It uses machine learning and threat intelligence to identify patterns that suggest threats—such as unusual API calls, suspicious account activity, or data exfiltration attempts—and surfaces these as findings with severity levels. It can be enabled across an AWS Organization to provide centralized threat detection across member accounts, sending alerts through EventBridge, SNS, or Security Hub.

CloudTrail records API activity, providing a detailed audit trail but not automatically detecting threats. Detective helps investigators by linking related events to build a narrative of what happened during a security incident, rather than providing real-time anomaly detection across accounts. Config tracks resource configurations and changes for compliance, not threat detection.
