Amazon DOP-C02 Exam - Topic 2 Question 24 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 24
Topic #: 2

A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.

Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.

Which solution will meet these requirements?

ACreate a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.

BConfigure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty

CConfigure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty

DCreate an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.

Show Suggested Answer

Suggested Answer: C

https://aws.amazon.com/blogs/security/automatically-block-suspicious-traffic-with-aws-network-firewall-and-amazon-guardduty/

by Angelica at May 13, 2024, 12:59 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Cyril

3 months ago

I’m surprised there’s no direct integration for this!

upvoted 0 times

...

Willodean

3 months ago

Wait, can Lambda really handle this automatically?

upvoted 0 times

...

Freeman

3 months ago

A seems a bit complicated for just blocking traffic.

upvoted 0 times

...

Daniela

4 months ago

I think C is the best choice for a firewall approach.

upvoted 0 times

...

Glendora

4 months ago

Option B sounds solid for blocking traffic!

upvoted 0 times

...

Beatriz

4 months ago

I’m leaning towards option B, but I’m a bit uncertain about how the custom rule group would interact with GuardDuty findings.

upvoted 0 times

...

Erick

4 months ago

I feel like we practiced something similar, but I can't recall if creating a suppression rule in GuardDuty is the right approach here.

upvoted 0 times

...

Teri

4 months ago

I think option C with AWS Network Firewall sounds familiar. It might be a good way to handle traffic based on GuardDuty findings.

upvoted 0 times

...

Fidelia

5 months ago

I remember we discussed using AWS WAF for blocking traffic, but I'm not sure if it's the best fit for this scenario.

upvoted 0 times

...

Lashandra

5 months ago

I'm a bit confused by the different options here. They all seem to involve setting up some kind of automated response to the GuardDuty findings, but the details are a bit murky. I'll need to really dive into the specifics of each approach to figure out which one best meets the requirements.

upvoted 0 times

...

Hubert

5 months ago

Okay, I think I've got a handle on this. Option B looks like the way to go - using AWS WAF and a custom rule group to automatically block traffic from suspicious sources based on the GuardDuty findings. That seems like the most comprehensive and flexible solution.

upvoted 0 times

...

Cristy

5 months ago

Hmm, this is a tricky one. I'm not entirely sure which solution would be the best fit. I'll need to make sure I understand the requirements and the capabilities of each of the AWS services mentioned in the options.

upvoted 0 times

...

Dong

5 months ago

This looks like a straightforward question about implementing a security solution to automatically deny traffic from suspicious sources based on GuardDuty findings. I'll need to carefully review the options and think through the pros and cons of each approach.

upvoted 0 times

...

Julieta

5 months ago

Ah, I see what they're getting at. The correct answer has to be the one that best captures the essence of integrity.

upvoted 0 times

...

Davida

5 months ago

Okay, let's see. Continuous delivery, self-organization, value chain thinking, or welcoming change. I'm leaning towards continuous delivery, as that seems to be a key aspect of the DevOps approach. But I'll double-check my notes just to be sure.

upvoted 0 times

...

Erin

5 months ago

I'm not too confident on this one. The wording is a bit tricky, and I'm not totally clear on how variable costing differs from other cost accounting methods. I'll have to make an educated guess here.

upvoted 0 times

...