Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company runs a web application on a fleet of Amazon EC2 instances that are...

  1. Home
  2. Amazon Web Services
  3. AWS Certified Specialty
  4. SCS-C02
  5. SCS-C02 Questions
  6. AWS Certified Security - Specialty Practice Questions

A company runs a web application on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The EC2 instances are in the same VPC subnet as other workloads.

A security engineer deploys an Amazon GuardDuty detector in the same AWS Region as the EC2 instances. The security engineer also sets up an AWS Security Hub integration with GuardDuty.

The security engineer needs to implement an automated solution to detect and appropriately respond to anomalous traffic patterns for the web application. The solution must comply with AWS best practices for initial response to security incidents and must minimize disruption to the web application.

Which solution will meet these requirements?

A.

Create an Amazon EventBridge rule that detects the Behavior:EC2/TrafficVolumeUnusual GuardDuty finding. Configure the rule to invoke an AWS Lambda function to disable the EC2 instance profile access keys.

B.

Create an Amazon EventBridge rule that invokes an AWS Lambda function when GuardDuty detects anomalous traffic. Program the Lambda function to disassociate the identified instance from the Auto Scaling group and to isolate the instance by using a new restricted security group.

C.

Create a Security Hub automated response that updates the network ACL that is associated with the subnet of the EC2 instances. Configure the response to update the network ACL to deny traffic from the source of detected anomalous traffic.

D.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security engineer's email address to the SNS topic. Configure GuardDuty to send all findings to the SNS topic.

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Summary

  • Vendor: Amazon Web Services
  • Product: SCS-C02
  • Update on: Aug 2, 2025
  • Questions: 417
Price: $52.5  $149.99
Buy Now SCS-C02 PDF + Testing Engine Pack
Next
A security engineer wants to forward custom application-security logs from an Amazon EC2 instance to...
Implementing Short-Term Credentials for Third-Party AWS Access
Previous

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method

Contact Us

Copyright © 2013-2025 examsvce.com. All Rights Reserved
mcafee secure

TESTED 02 Aug 2025