Amazon GuardDuty
- Amazon GuardDuty is a threat detection service that continuously monitors the AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
- GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources:
  - CloudTrail S3 data events and management event logs,
  - DNS logs,
  - EKS audit logs, and
  - VPC flow logs.
- GuardDuty uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within the AWS environment.
- GuardDuty is a Regional service and is recommended to be enabled in all supported AWS Regions. This enables GuardDuty to generate findings of unauthorized or unusual activity even in Regions not actively used.
- GuardDuty supports:
  - Suppression rules, which allow the creation of very specific combinations of attributes to suppress findings.
  - Trusted IP lists, for IP addresses trusted for highly secure communication with the AWS environment. Findings are not generated for IP addresses on trusted IP lists.
  - Threat lists, for known malicious IP addresses. Findings are generated for IP addresses on threat lists.
- Security findings are retained and made available through the GuardDuty console and APIs for 90 days, after which they are discarded.
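
One way to check the all-Regions recommendation above, as an added example that is not part of the original page. The helper names `guardduty_coverage` and `uncovered` are hypothetical; the boto3 calls under `__main__` assume credentials allowed to call `ec2:DescribeRegions`, `guardduty:ListDetectors` and `guardduty:GetDetector`.

```python
"""Audit GuardDuty coverage per Region (added example; helper names are hypothetical)."""


def guardduty_coverage(regions, client_for):
    """Return {region: status}: ENABLED, DISABLED (detector suspended),
    MISSING (no detector), or ERROR:<reason> when the Region cannot be queried.

    client_for(region) must return a GuardDuty client exposing
    list_detectors() and get_detector(DetectorId=...), as boto3 does.
    """
    report = {}
    for region in regions:
        try:
            gd = client_for(region)
            detector_ids = gd.list_detectors().get("DetectorIds", [])
            if not detector_ids:
                report[region] = "MISSING"
                continue
            # A detector can exist but be suspended; only ENABLED produces findings.
            statuses = [gd.get_detector(DetectorId=d)["Status"] for d in detector_ids]
            report[region] = "ENABLED" if "ENABLED" in statuses else "DISABLED"
        except Exception as exc:  # e.g. access denied or Region unreachable
            report[region] = f"ERROR:{type(exc).__name__}"
    return report


def uncovered(report):
    """Regions where GuardDuty is not actively generating findings."""
    return sorted(r for r, s in report.items() if s != "ENABLED")


if __name__ == "__main__":
    import boto3  # imported here so the helpers above stay usable offline

    session = boto3.session.Session()
    # describe_regions() without AllRegions lists only Regions enabled for the account.
    ec2 = session.client("ec2", region_name="us-east-1")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    report = guardduty_coverage(
        regions, lambda r: session.client("guardduty", region_name=r)
    )
    for region in uncovered(report):
        print(f"{region}: {report[region]}")
```

Any Region the script prints is one where unauthorized activity would produce no GuardDuty findings, including Regions the account does not actively use.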
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- Which AWS service makes it easy to detect and report unexpected and potentially malicious activity in your AWS environment?
  - AWS Shield
  - AWS Inspector
  - AWS GuardDuty
  - AWS WAF