1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. ANS-C01 Discussions
  6. ANS-C01 Exam Topic 3 Question 23 Discussion

Amazon Web Services Amazon AWS Certified Advanced Networking - Specialty ANS-C01 Question # 23 Topic 3 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services Amazon AWS Certified Advanced Networking - Specialty ANS-C01 Question # 23 Topic 3 Discussion

ANS-C01 Exam Topic 3 Question 23 Discussion:
Question #: 23
Topic #: 3

A company is running multiple workloads on Amazon EC2 instances in public subnets. In a recent incident, an attacker exploited an application vulnerability on one of the EC2 instances to gain access to the instance. The company fixed the application and launched a replacement EC2 instance that contains the updated application.

The attacker used the compromised application to spread malware over the internet. The company became aware of the compromise through a notification from AWS. The company needs the ability to identify when an application that is deployed on an EC2 instance is spreading malware.

Which solution will meet this requirement with the LEAST operational effort?
A.

Use Amazon GuardDuty to analyze traffic patterns by inspecting DNS requests and VPC flow logs.

B.

Use Amazon GuardDuty to deploy AWS managed decoy systems that are equipped with the most recent malware signatures.

C.

Set up a Gateway Load Balancer. Run an intrusion detection system (IDS) appliance from AWS Marketplace on Amazon EC2 for traffic inspection.

D.

Configure Amazon Inspector to perform deep packet inspection of outgoing traffic.

Get Premium ANS-C01 Questions
Actual exam question for Amazon Web Services ANS-C01 exam by Vega7545 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next