Q25 — AWS SCS-C02 Ch.1
Question 25 of 100
A company’s security engineer wants to receive an email alert whenever Amazon GuardDuty, AWS Identity and Access Management Access Analyzer, or Amazon Macie generates a high-severity security finding. The company uses AWS Control Tower to govern all of its accounts. The company also uses AWS Security Hub with all of the AWS service integrations turned on. Which solution will meet these requirements with the LEAST operational overhead?
- A. Set up separate AWS Lambda functions for GuardDuty, IAM Access Analyzer, and Macie to call each service's public API to retrieve high-severity findings. Use Amazon Simple Notification Service (Amazon SNS) to send the email alerts. Create an Amazon EventBridge rule to invoke the functions on a schedule.
- B. Create an Amazon EventBridge rule with a pattern that matches Security Hub findings events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic. ✓
- C. Create an Amazon EventBridge rule with a pattern that matches AWS Control Tower events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic.
- D. Host an application on Amazon EC2 to call the GuardDuty, IAM Access Analyzer, and Macie APIs. Within the application, use the Amazon Simple Notification Service (Amazon SNS) API to retrieve high-severity findings and to send the findings to an SNS topic. Subscribe the desired email addresses to the SNS topic.
Correct Answer: B. Create an Amazon EventBridge rule with a pattern that matches Security Hub findings events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic.
Explanation
With the AWS service integrations turned on, AWS Security Hub aggregates the high-severity findings that GuardDuty, IAM Access Analyzer, and Macie generate, so there is a single place to watch instead of three. Amazon EventBridge receives Security Hub finding events directly, and a rule's event pattern can filter on the severity level. Option B therefore needs only one EventBridge rule that matches Security Hub finding events and sends them to an SNS topic with email subscribers; there is no custom code or infrastructure to maintain, which is what "least operational overhead" calls for. The other options rely on custom Lambda functions, scheduled API polling, or an EC2-hosted application, all of which add complexity and ongoing management cost. Option C also targets the wrong event source: AWS Control Tower governs the accounts but does not emit the security findings. AWS documentation describes the Security Hub integration with EventBridge as the supported way to forward matching findings to downstream targets.
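As an added illustration (not part of the original question page, and not code from AWS), the following shows the kind of event pattern the rule in option B would use, together with a small offline matcher so the pattern can be exercised against a constructed sample event without an AWS account. The field names (`source` of `aws.securityhub`, `detail-type` of `Security Hub Findings - Imported`, severity under `detail.findings[].Severity.Label`) are those Security Hub publishes; the pattern lists both `HIGH` and `CRITICAL` on the assumption that an engineer asking for high-severity alerts would not want critical findings filtered out. The sample event and the matcher are constructed for this example and implement only the subset of EventBridge matching semantics the pattern needs.

```python
"""Added example: EventBridge event pattern for high-severity Security Hub
findings (option B), plus a minimal offline matcher for testing the pattern.
Not code from the original question page or from AWS."""
import json

# Event pattern for the rule in option B. Security Hub emits every finding it
# receives as a "Security Hub Findings - Imported" event from source
# "aws.securityhub". A list of values in the pattern means "match any of these";
# CRITICAL is included here as an assumption, since it ranks above HIGH.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "Severity": {"Label": ["HIGH", "CRITICAL"]}
        }
    },
}


def pattern_json() -> str:
    """The pattern serialised as the JSON string a rule definition expects."""
    return json.dumps(HIGH_SEVERITY_PATTERN)


def matches(pattern: dict, event: dict) -> bool:
    """Subset of EventBridge pattern semantics sufficient for this pattern:
    every pattern key must exist in the event; a list of literals matches when
    the event value equals any of them; a nested dict recurses; when the event
    value is a list (such as `findings`), one matching element is enough."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        candidates = actual if isinstance(actual, list) else [actual]
        if isinstance(expected, dict):
            if not any(isinstance(c, dict) and matches(expected, c) for c in candidates):
                return False
        else:
            if not any(c in expected for c in candidates):
                return False
    return True


def sample_event(label: str) -> dict:
    """Constructed (not captured) Security Hub event carrying one finding.
    A real finding carries many more ASFF fields; only the ones the pattern
    inspects are included here."""
    return {
        "version": "0",
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "region": "us-east-1",
        "account": "111111111111",  # placeholder account id
        "detail": {
            "findings": [{
                "Severity": {"Label": label},
                "Title": "Constructed finding used for illustration",
            }]
        },
    }


def should_alert(event: dict) -> bool:
    """True when the rule would forward this event to the SNS topic."""
    return matches(HIGH_SEVERITY_PATTERN, event)


if __name__ == "__main__":
    print(pattern_json())
    for label in ("LOW", "MEDIUM", "HIGH", "CRITICAL"):
        print(f"{label:9s} -> alert={should_alert(sample_event(label))}")
```

Because the rule matches on the Security Hub event rather than on each producer's own events, enabling a further Security Hub integration later requires no change to the rule, which is the operational-overhead point the explanation makes.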