GuardDuty

Question 1

What is GuardDuty

Answer 1

a service that analyzes VPC flow log, DNS log, S3 data events and CloudTrail management

Question 2

Who can enable GuardDuty

Answer 2

admin user

Question 3

How long data is stored in GuardDuty

Answer 3

90 days

Question 4

What is the recommended approach to keep track of ‘findings’ by GuardDuty

Answer 4

store in S3

Question 5

How can someone be notified if a security threat is being detected by GuardDuty

Answer 5

1. Create SNS topic
2. Create EventBridge rule to capture findings from GuardDuty
3. Ensure that EventBridge is able to push the finding to the SNS topic

Question 6

What is account

Answer 6

Account that contains resources

Question 7

What is member accounts

Answer 7

It is possible to invite other aws account to join the administrative account - in which case the accounts are called as member account

Question 8

What is a Detector

Answer 8

a logical component per region that represents a GuardDuty service in that region

Question 9

What is Data Source

Answer 9

sources of data - that GuardDuty analyzes

Question 10

What is findings

Answer 10

findings discovered by GuardDuty

Question 11

What is suppression rule

Answer 11

an expression to suppress a finding

Question 12

What is trusted IP list

Answer 12

a list of IP addresses for which GuardDuty does not generate findings

Question 13

What is Threat List

Answer 13

a malicious list of IP addresses