Which managed service continuously analyzes logs in an AWS account (such as VPC flow logs, CloudTrail, and DNS logs) and automatically detects suspicious activity and potential threats?

Correct answer: C

Explanation

A question to choose the threat detection service based on log analysis.

  • 1. "logs": targets VPC flow logs, CloudTrail, DNS logs, and more.
  • 2. "continuously analyzes": monitors at all times to find anomalies.
  • 3. "automatically detects suspicious activity and potential threats": threat detection = GuardDuty.
A. Incorrect

AWS WAF

WAF is a service that blocks malicious requests to a web application using rules.

It does not analyze account-wide logs to detect threats, so this is incorrect.

B. Incorrect

AWS Shield

Shield is a service specialized in mitigating DDoS attacks.

It does not analyze logs to detect a broad range of threats, so this is incorrect.

C. Correct

Amazon GuardDuty

Correct. Amazon GuardDuty is a managed threat detection service that continuously analyzes VPC flow logs, CloudTrail, DNS logs, and more, and automatically detects suspicious activity and potential threats using machine learning and threat intelligence. No agent deployment is required.

D. Incorrect

Amazon Inspector

Amazon Inspector is a service that scans and assesses EC2 instances, container images, and Lambda functions for known software vulnerabilities.

Its focus is configuration weaknesses, and it does not continuously analyze logs to detect ongoing suspicious activity, so this is incorrect.

Key Takeaway

'Analyze logs' and 'detect threats' point to Amazon GuardDuty (threat detection). Distinguish it from the defensive services Shield (DDoS) and WAF (web attacks), and from Inspector (vulnerability scanning), which looks for configuration weaknesses. GuardDuty is a managed, agentless service.