Amazon SCS-C03 Exam - Topic 3 Question 4 Discussion

Actual exam question for Amazon's SCS-C03 exam

Question #: 4
Topic #: 3

A company's security team wants to receive near-real-time email notifications about AWS abuse reports related to DoS attacks. An Amazon SNS topic already exists and is subscribed to by the security team.

What should the security engineer do next?

APoll Trusted Advisor for abuse notifications by using a Lambda function.

BCreate an Amazon EventBridge rule that matches AWS Health events for AWS_ABUSE_DOS_REPORT and publishes to SNS.

CPoll the AWS Support API for abuse cases by using a Lambda function.

DDetect abuse reports by using CloudTrail logs and CloudWatch alarms.

Show Suggested Answer

Suggested Answer: B

AWS abuse notifications are delivered as AWS Health events. According to the AWS Certified Security -- Specialty Study Guide, Amazon EventBridge integrates natively with AWS Health and can be used to detect specific event types such as AWS_ABUSE_DOS_REPORT in near real time.

By creating an EventBridge rule that filters for the abuse report event type and publishes directly to Amazon SNS, the solution remains fully managed, low latency, and cost effective.

Polling APIs introduces delay and complexity. CloudTrail does not log abuse notifications. EventBridge with AWS Health is the recommended mechanism for reacting to AWS service events.

Referenced AWS Specialty Documents:

AWS Certified Security -- Specialty Official Study Guide

AWS Health and EventBridge Integration

AWS Abuse Notification Handling

by Ernie at Jan 22, 2026, 04:44 PM

Limited Time Offer

25%

1 month ago

I think I'd go with option B. Creating an EventBridge rule to match the AWS Health events seems like the most straightforward way to get the notifications directly to the SNS topic.

upvoted 0 times

...