Bird
0
0

You want to integrate GuardDuty findings with a SIEM system for centralized alerting. Which AWS service can you use to export findings in near real-time?

hard📝 Application Q9 of 15
AWS - Advanced Security
You want to integrate GuardDuty findings with a SIEM system for centralized alerting. Which AWS service can you use to export findings in near real-time?
AAmazon EventBridge
BAWS CloudTrail
CAWS Config
DAmazon SNS
Step-by-Step Solution
Solution:

  1. Step 1: Identify GuardDuty integration options

    Amazon EventBridge can capture GuardDuty findings as events and forward them to external systems.

  2. Step 2: Exclude other services

    CloudTrail logs API calls, Config tracks resource changes, SNS is for notifications but not event routing to SIEM directly.

  3. Final Answer:

    Amazon EventBridge -> Option A

  4. Quick Check:

    GuardDuty to SIEM = EventBridge A [OK]
Quick Trick: Use EventBridge to stream GuardDuty findings to SIEM [OK]
Common Mistakes:
  • Using CloudTrail or Config for GuardDuty event export
  • Assuming SNS directly integrates with SIEM

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
Architecture Best Practices - Why AWS Well-Architected matters - Quiz 8hard Cost Optimization - S3 storage class optimization - Quiz 7medium Cost Optimization - Data transfer cost awareness - Quiz 6medium Cost Optimization - Data transfer cost awareness - Quiz 4medium Cost Optimization - Spot Instances for cost savings - Quiz 13medium ECS and Fargate - ECS with ALB integration - Quiz 7medium EKS - Node groups (managed, self-managed, Fargate) - Quiz 10hard Serverless Architecture - Serverless vs container decision - Quiz 8hard Serverless Architecture - Lambda with DynamoDB Streams - Quiz 3easy Serverless Architecture - Lambda with S3 event triggers - Quiz 15hard