AWS Security - Domain 2 - 50X - QUESTIONS AND ANSWERS

Here are 50 unique questions and answers for Domain 2: Security Logging and Monitoring, covering all task statements, knowledge, and skills as outlined in the AWS Certified Security - Specialty (SCS-C02) Exam Guide.   Enjoy...   ## Domain 2: Security Logging and Monitoring   ### Task Statement 2.1: Design and implement monitoring and alerting to address security events.   **Knowledge of:** - 2.1.1 AWS services that monitor events and provide alarms (for example, CloudWatch, EventBridge) - 2.1.2 AWS services that automate alerting (for example, Lambda, Amazon Simple Notification Service [Amazon SNS], Security Hub) - 2.1.3 Tools that monitor metrics and baselines (for example, GuardDuty, Systems Manager)   **Skills in:** - 2.1.4 Analyzing architectures to identify monitoring requirements and sources of data for security monitoring - 2.1.5 Analyzing environments and workloads to determine monitoring requirements - 2.1.6 Designing environment monitoring and workload monitoring based on business and security requirements - 2.1.7 Setting up automated tools and scripts to perform regular audits (for example, by creating custom insights in Security Hub) - 2.1.8 Defining the metrics and thresholds that generate alerts   ### Task Statement 2.2: Troubleshoot security monitoring and alerting.   **Knowledge of:** - 2.2.1 Configuration of monitoring services (for example, Security Hub) - 2.2.2 Relevant data that indicates security events   **Skills in:** - 2.2.3 Analyzing the service functionality, permissions, and configuration of resources after an event that did not provide visibility or alerting - 2.2.4 Analyzing and remediating the configuration of a custom application that is not reporting its statistics - 2.2.5 Evaluating logging and monitoring services for alignment with security requirements   ### Task Statement 2.3: Design and implement a logging solution.   **Knowledge of:** - 2.3.1 AWS services and features that provide logging capabilities (for example, VPC Flow Logs, DNS logs, AWS CloudTrail, Amazon CloudWatch Logs) - 2.3.2 Attributes of logging capabilities (for example, log levels, type, verbosity) - 2.3.3 Log destinations and lifecycle management (for example, retention period)   **Skills in:** - 2.3.4 Configuring logging for services and applications - 2.3.5 Identifying logging requirements and sources for log ingestion - 2.3.6 Implementing log storage and lifecycle management according to AWS best practices and organizational requirements   ### Task Statement 2.4: Troubleshoot logging solutions.   **Knowledge of:** - 2.4.1 Capabilities and use cases of AWS services that provide data sources (for example, log level, type, verbosity, cadence, timeliness, immutability) - 2.4.2 AWS services and features that provide logging capabilities (for example, VPC Flow Logs, DNS logs, CloudTrail, CloudWatch Logs) - 2.4.3 Access permissions that are necessary for logging   **Skills in:** - 2.4.4 Identifying misconfiguration and determining remediation steps for absent access permissions that are necessary for logging (for example, by managing read/write permissions, S3 bucket permissions, public access, and integrity) - 2.4.5 Determining the cause of missing logs and performing remediation steps   ### Task Statement 2.5: Design a log analysis solution.   **Knowledge of:** - 2.5.1 Services and tools to analyze captured logs (for example, Athena, CloudWatch Logs filter) - 2.5.2 Log analysis features of AWS services (for example, CloudWatch Logs Insights, CloudTrail Insights, Security Hub insights) - 2.5.3 Log format and components (for example, CloudTrail logs)   **Skills in:** - 2.5.4 Identifying patterns in logs to indicate anomalies and known threats - 2.5.5 Normalizing, parsing, and correlating logs

There are no comments yet.

Please log in to write the first comment.