Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C03 Exam - Topic 6 Question 9 Discussion

A company runs several applications on Amazon Elastic Kubernetes Service (Amazon EKS). The company needs a solution to detect any Kubernetes security risks by monitoring Amazon EKS audit logs in addition to operating system, networking, and file events. The solution must send email alerts for any identified risks to a mailing list that is associated with a security team.Which solution will meet these requirements?
C) Enable Amazon GuardDuty. Enable EKS Protection and Runtime Monitoring for Amazon EKS in GuardDuty. Create an Amazon Simple Notification Service (Amazon SNS) topic and set the security team's mailing list as a subscriber. Use an Amazon EventBridge rule to send relevant GuardDuty events to the SNS topic.
A) Deploy AWS Security Hub and enable security standards that contain EKS controls. Create an Amazon Simple Notification Service (Amazon SNS) topic and set the security team's mailing list as a subscriber. Use an Amazon EventBridge rule to send relevant Security Hub events to the SNS topic.
B) Enable Amazon Inspector container image scanning. Configure Amazon Detective to analyze EKS security logs. Create Amazon CloudWatch log groups for EKS audit logs. Use an AWS Lambda function to process the logs and to send email alerts to the security team.
D) Install the AWS Systems Manager Agent (SSM Agent) on all EKS nodes. Configure Amazon CloudWatch Logs to collect EKS audit logs. Create an Amazon Simple Notification Service (Amazon SNS) topic and set the security team's mailing list as a subscriber. Configure a CloudWatch alarm to publish a message to the SNS topic when new audit logs are generated.

Amazon SCS-C03 Exam - Topic 6 Question 9 Discussion

Actual exam question for Amazon's SCS-C03 exam
Question #: 9
Topic #: 6
[All SCS-C03 Questions]

A company runs several applications on Amazon Elastic Kubernetes Service (Amazon EKS). The company needs a solution to detect any Kubernetes security risks by monitoring Amazon EKS audit logs in addition to operating system, networking, and file events. The solution must send email alerts for any identified risks to a mailing list that is associated with a security team.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

Option C best meets the requirements because Amazon GuardDuty provides Kubernetes-focused threat detection for Amazon EKS by analyzingEKS control plane audit logs(EKS Protection) and combining that signal withruntime telemetryfrom the worker nodes (Runtime Monitoring). EKS audit logs capture Kubernetes API activity and authorization decisions, allowing GuardDuty to detect suspicious cluster actions such as unusual API calls, unexpected access patterns, or indicators of compromise within the cluster. Runtime Monitoring extends coverage tooperating system/process activity, network connections, and file activityon the nodes, which directly aligns with the need to monitor OS, networking, and file events in addition to audit logs.

For notifications, GuardDuty generatesfindingsthat can be delivered throughAmazon EventBridgerules. EventBridge can route relevant GuardDuty findings to anAmazon SNS topic, and SNS can sendemail alertsto the security team by subscribing the team's mailing list to the topic. This approach is fully managed, near real time, and avoids building custom log-parsing pipelines while still providing actionable alerts based on GuardDuty's curated EKS threat detections.


by Salena at May 03, 2026, 08:05 PM

Limited Time Offer

25%

Off

Get Premium SCS-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tamera
1 month ago
I feel like option C could be a good choice since GuardDuty is designed for security monitoring, but I can't recall if it directly supports EKS audit logs.
upvoted 0 times
...
Coletta
1 month ago
I think option A sounds familiar because we practiced using EventBridge with Security Hub, but I'm a bit confused about how it handles EKS specifically.
upvoted 0 times
...
Tiera
1 month ago
I remember we discussed the importance of using Amazon SNS for alerting, but I'm not sure which option integrates best with EKS audit logs.
upvoted 0 times
...

Save Cancel