Home › AWS Cloud Practitioner › cloudcomputing › securitycompliance › An organization wants to detect threats like unu…
An organization wants to detect threats like unusual API calls, compromised EC2 instances, or potentially exposed credentials by analyzing CloudTrail, VPC Flow Logs, and DNS logs with machine learning. Which AWS service is designed for exactly this?
AAWS WAF
BAWS Trusted Advisor
CAmazon Macie
DAmazon GuardDuty
Answer & Solution
Correct answer: D. Amazon GuardDuty
GuardDuty is the managed threat-detection service that continuously analyzes CloudTrail, VPC Flow Logs, and DNS logs with ML for malicious or anomalous activity. WAF is layer-7 web filtering, Trusted Advisor is a configuration auditor, and Macie focuses on discovering sensitive data in S3.
Related questions
AWS IAM Identity Center (formerly AWS SSO) primarily lets you:Which combination correctly describes encryption in transit versus encryption at rest?A team wants to block common web exploits like SQL injection and cross-site scripting at tFor Amazon RDS, which of the following best describes the shared responsibility split?What is the difference between an IAM user and an IAM role?The principle of least privilege, as applied via IAM, recommends that you:Which AWS service logs all API calls made against the AWS account, so administrators can aWhich task can ONLY be performed by the AWS account root user, and not by any IAM user eve