Q25 — AWS SCS-C02 Ch.1

A company’s security engineer wants to receive an email alert whenever Amazon GuardDuty, AWS Identity and Access Management Access Analyzer, or Amazon Macie generates a high-severity security finding. The company uses AWS Control Tower to govern all of its accounts. The company also uses AWS Security Hub with all of the AWS service integrations turned on. Which solution will meet these requirements with the LEAST operational overhead?

Correct Answer: B. Create an Amazon EventBridge rule with a pattern that matches Security Hub findings events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic.

Explanation

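With the AWS service integrations turned on, when multiple security services (GuardDuty, IAM Access Analyzer, Macie) generate high-severity events, AWS Security Hub aggregates these findings by default. Amazon EventBridge supports subscribing directly to Security Hub events and filtering for the high severity level through a rule. Option B uses a single EventBridge rule that matches the Security Hub event pattern and triggers an SNS notification, with no additional code or resources to maintain, which satisfies the least-operational-overhead requirement. The other options involve custom Lambda functions, API polling, or EC2 instances, which add complexity and management cost. The official AWS documentation notes that the Security Hub integration with EventBridge can directly forward security events that meet the criteria.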