
GuardDuty for threat detection in AWS - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is AWS GuardDuty?
AWS GuardDuty (Amazon GuardDuty) is a managed threat-detection service that continuously analyzes activity in your AWS accounts, workloads, and data for malicious activity and unauthorized behavior. It needs no agents or extra infrastructure for its foundational data sources: you enable a detector per region and GuardDuty reads the logs itself.
intermediate
How does GuardDuty detect threats?
GuardDuty's foundational data sources are AWS CloudTrail management events, VPC Flow Logs, and DNS query logs; it reads these directly, so you do not have to enable or pay for the logs yourself. Optional protection plans add sources such as S3 data events and EKS audit logs. Across this data it applies machine learning, anomaly detection (a baseline of normal API and network behavior per account), and integrated threat intelligence (known-malicious IPs and domains) to identify suspicious activity.
intermediate
What types of findings can GuardDuty generate?
Findings cover unauthorized access attempts (for example SSH or RDP brute force), reconnaissance (port scans and probes of unprotected ports), compromised instances (command-and-control traffic, cryptocurrency mining), and unusual or high-risk API calls (credential exfiltration, disabling logging). Each finding is named ThreatPurpose:ResourceTypeAffected/ThreatFamilyName, such as UnauthorizedAccess:EC2/SSHBruteForce or Recon:EC2/PortProbeUnprotectedPort, and carries a numeric severity score grouped into Low, Medium, High, and Critical bands, so you can prioritize what to investigate first.
intermediate
Can GuardDuty be enabled across multiple AWS accounts?
Yes. In a multi-account setup one administrator account (called the master account in older documentation) manages member accounts and sees all of their findings in one place. With AWS Organizations you designate a delegated administrator, which can auto-enable GuardDuty in every existing and new member account; without Organizations, the administrator invites member accounts, which must accept the invitation.
beginner
What should you do after GuardDuty generates a finding?
First read the finding: its type, severity, the affected resource, and the actor (remote IP, domain, or IAM principal) listed under the finding details. Confirm it is not expected activity (for example a known scanner), then contain: isolate a suspect EC2 instance with a restrictive security group and snapshot its volumes for forensics, or deactivate and rotate compromised access keys. Investigate the root cause with CloudTrail and VPC Flow Logs, remediate, and archive the finding. For repeatable response, route findings through Amazon EventBridge to SNS (notification) or Lambda (automated containment), filtering on severity so only High and Critical findings page a responder.
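The triage steps above in working form. This is an added example, not code from this page or from AWS: it takes findings in the JSON shape GuardDuty emits (Type, Severity, Resource, Service.Action), splits the finding type into its documented parts, maps the action type back to the data source that surfaced it, buckets the severity score, and picks a containment step per resource type. The three findings are constructed for the example with made-up instance and key IDs; the containment strings are this example's suggestions, not AWS recommendations.

```python
"""Triage of GuardDuty findings (added example, not AWS code)."""

# Constructed sample findings: made-up IDs, documented structure.
SAMPLE_FINDINGS = [
    {
        "Type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "Severity": 5,
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0123456789abcdef0"}},
        "Service": {"Action": {"ActionType": "NETWORK_CONNECTION"}},
    },
    {
        "Type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
        "Severity": 8,
        "Resource": {"ResourceType": "AccessKey",
                     "AccessKeyDetails": {"AccessKeyId": "ASIAEXAMPLEEXAMPLE12",
                                          "UserName": "example-role"}},
        "Service": {"Action": {"ActionType": "AWS_API_CALL"}},
    },
    {
        "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "Severity": 7,
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0fedcba9876543210"}},
        "Service": {"Action": {"ActionType": "DNS_REQUEST"}},
    },
]

# Foundational data source behind each Service.Action.ActionType value.
ACTION_SOURCE = {
    "AWS_API_CALL": "CloudTrail",
    "NETWORK_CONNECTION": "VPC Flow Logs",
    "PORT_PROBE": "VPC Flow Logs",
    "DNS_REQUEST": "DNS logs",
}


def parse_finding_type(finding_type):
    """Split ThreatPurpose:ResourceTypeAffected/ThreatFamilyName[.Variant][!Artifact].

    The dotted suffix is the detection mechanism or a variant (e.g. '.B', '.OutsideAWS');
    the '!' suffix names the artifact that triggered detection (e.g. '!DNS').
    """
    purpose, rest = finding_type.split(":", 1)
    resource, rest = rest.split("/", 1)
    rest, _, artifact = rest.partition("!")
    family, _, variant = rest.partition(".")
    return {"purpose": purpose, "resource": resource, "family": family,
            "variant": variant or None, "artifact": artifact or None}


def severity_label(severity):
    """GuardDuty bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if severity >= 9.0:
        return "Critical"
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    return "Low"


def triage(finding):
    """First-response decision for one finding: what was hit, which data source
    surfaced it, and the containment step to take before deeper investigation."""
    parsed = parse_finding_type(finding["Type"])
    resource = finding["Resource"]
    kind = resource["ResourceType"]
    if kind == "Instance":
        target = resource["InstanceDetails"]["InstanceId"]
        containment = "isolate with a restrictive security group; snapshot volumes"
    elif kind == "AccessKey":
        target = resource["AccessKeyDetails"]["AccessKeyId"]
        containment = "deactivate and rotate the key; review its CloudTrail history"
    else:  # S3 buckets, EKS clusters, etc. need a human look first
        target = kind
        containment = "review finding details before acting"
    action_type = finding["Service"]["Action"]["ActionType"]
    return {"type": finding["Type"], "purpose": parsed["purpose"],
            "severity": severity_label(finding["Severity"]),
            "source": ACTION_SOURCE.get(action_type, "unknown"),
            "target": target, "containment": containment}


def prioritize(findings, min_severity=7.0):
    """Findings at or above min_severity, highest first: the same threshold an
    EventBridge rule on the finding's severity would use to page a responder."""
    urgent = [f for f in findings if f["Severity"] >= min_severity]
    return sorted(urgent, key=lambda f: f["Severity"], reverse=True)


if __name__ == "__main__":
    for finding in prioritize(SAMPLE_FINDINGS, min_severity=1.0):
        print(triage(finding))
```

Run as a script it prints one triage record per finding, highest severity first. With the default threshold, `prioritize` drops the Medium SSH brute-force finding and keeps the two High ones, which is the split you want between "page someone now" and "review in the morning".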
Which data sources does GuardDuty use to detect threats?
A. IAM user passwords
B. S3 bucket contents only
C. EC2 instance logs only
D. CloudTrail logs, VPC Flow Logs, DNS logs
What is the main benefit of enabling GuardDuty in your AWS account?
A. Free data backup service
B. Automatic patching of EC2 instances
C. Continuous threat detection and alerting
D. Cost optimization recommendations
Can GuardDuty findings be shared across multiple AWS accounts?
A. Only if accounts are in different regions
B. Yes, using an administrator (formerly master) and member account setup
C. No, findings are isolated per account
D. Only for accounts with the same billing
Which of the following is NOT a type of GuardDuty finding?
A. EC2 instance CPU usage spikes
B. Unauthorized access attempts
C. Unusual API calls
D. Reconnaissance activities
What is the first step after receiving a GuardDuty finding?
A. Review the finding details and investigate
B. Delete the affected EC2 instance immediately
C. Ignore if the finding is from a trusted IP
D. Disable GuardDuty to stop alerts
Explain how AWS GuardDuty helps protect your cloud environment.
Think about what data GuardDuty looks at and what it does with that data.
Describe the process to respond to a GuardDuty threat detection finding.
Focus on steps after GuardDuty alerts you.