Detecting Port Scans on AWS EC2 Instances: Security Measures and Best Practices

How to Detect Port Scans on AWS EC2 Instances

Question

Your company is hosting a set of EC2 Instances on AWS.

They want to have the ability to detect if any port scans occur on their AWS EC2 Instances.

Which of the following can help in this regard?

Answers

A. Amazon Macie
B. AWS Trusted Advisor
C. AWS Config
D. Amazon GuardDuty, to monitor for malicious port scans

Explanations

Answer: D.

Option A is incorrect because Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data stored in Amazon S3.

It has no visibility into network traffic, so it cannot tell you that an instance is being port-scanned or which of its ports are reachable.

Option B is incorrect because Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving performance, or closing security gaps (for example, it flags security groups that leave specific ports open to the world).

It is a point-in-time configuration check, not a traffic monitor, so it cannot detect that a port scan is taking place.

Option C is incorrect because AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It records configuration changes, not network activity, so it cannot detect port scans against EC2 instances.

Option D is CORRECT because Amazon GuardDuty continuously analyzes VPC Flow Logs, AWS CloudTrail event logs, and DNS logs to detect many kinds of dangerous and suspicious behavior, including probes for known vulnerabilities, port scans, and access from unusual locations. A scan against an EC2 instance surfaces as a finding such as Recon:EC2/PortProbeUnprotectedPort (an exposed port on the instance is being probed), while an instance that has itself started scanning other hosts produces Recon:EC2/Portscan. Two practical caveats: GuardDuty reads flow-log data from its own stream, so you do not need to turn on VPC Flow Logs for it to work, but it must be enabled in every region where the instances run; and it sees flow metadata only (addresses, ports, protocol, byte counts, accept/reject), never packet payloads, because that is all a flow log carries.

For more information on Amazon GuardDuty, see:

https://aws.amazon.com/blogs/aws/amazon-guardduty-continuous-security-monitoring-threat-detection/

The correct answer is D. Use Amazon GuardDuty to monitor for malicious port scans.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior across AWS accounts and workloads. Among the issues it detects are port scans.

A port scan is a method attackers use to discover open ports and exposed services on a target system. GuardDuty detects the pattern behind a scan (one remote address touching many distinct ports on an instance within a short time) from VPC Flow Logs rather than from packet inspection, and combines threat intelligence, anomaly detection and machine learning to decide what is suspicious. Each detection becomes a finding that carries a type, a severity, the affected instance and the remote IP; you can review findings in the GuardDuty console or API, or route them through Amazon EventBridge to a notification or automated response.
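The detection logic described above, reduced to its essentials as an added example for this page (this is not GuardDuty's own code, which is proprietary, and not code from the AWS blog post linked above). It parses VPC Flow Log lines in the default version-2 format, the same raw material GuardDuty consumes, and flags any (source, destination) pair whose busiest 60-second window touches at least 10 distinct destination ports, labelling the result as an inbound probe of our instance or an outbound scan by it. The log lines, IP addresses (RFC 5737 test ranges), account ID and ENI are constructed sample data, and the instance IP, window and threshold are assumptions:

```python
"""Minimal port-scan heuristic over VPC Flow Log records (added example,
not GuardDuty's implementation). Sample data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Log format.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

INSTANCE_IPS = {"10.0.1.10"}   # assumed: private IP of the EC2 instance we monitor
WINDOW_SECONDS = 60            # assumed: probes must fall inside this span
PORT_THRESHOLD = 10            # assumed: distinct ports from one peer that count as a scan


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    start: int
    action: str   # ACCEPT (security group / NACL let it through) or REJECT


def parse_flow_log(text: str) -> list[FlowRecord]:
    """Parse version-2 flow-log lines, skipping malformed and NODATA/SKIPDATA entries."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":      # NODATA/SKIPDATA rows carry '-' in the flow fields
            continue
        records.append(FlowRecord(rec["srcaddr"], rec["dstaddr"],
                                  int(rec["dstport"]), int(rec["start"]), rec["action"]))
    return records


def detect_port_scans(records, instance_ips=INSTANCE_IPS,
                      window=WINDOW_SECONDS, threshold=PORT_THRESHOLD) -> list[dict]:
    """One finding per (src, dst) pair whose busiest window hits >= threshold distinct ports."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r.srcaddr, r.dstaddr)].append(r)

    findings = []
    for (src, dst), recs in by_pair.items():
        recs.sort(key=lambda r: r.start)
        best_span, best_ports, lo = [], set(), 0
        for hi, r in enumerate(recs):            # sliding time window over this pair's flows
            while r.start - recs[lo].start > window:
                lo += 1
            span = recs[lo:hi + 1]
            ports = {x.dstport for x in span}
            if len(ports) > len(best_ports):
                best_span, best_ports = span, ports
        if len(best_ports) < threshold:
            continue
        if dst in instance_ips:       # someone probing our instance (cf. Recon:EC2/PortProbeUnprotectedPort)
            kind, instance, remote = "inbound-port-probe", dst, src
        elif src in instance_ips:     # our instance scanning others (cf. Recon:EC2/Portscan)
            kind, instance, remote = "outbound-port-scan", src, dst
        else:
            kind, instance, remote = "transit-port-scan", dst, src
        findings.append({
            "type": kind, "instance": instance, "remote": remote,
            "distinct_ports": len(best_ports),
            # ACCEPTed probes reached a reachable port: triage these first.
            "accepted_ports": sorted({x.dstport for x in best_span if x.action == "ACCEPT"}),
            "first_seen": best_span[0].start, "last_seen": best_span[-1].start,
        })
    return findings


def _rec(src, dst, sport, dport, start, action):
    """Build one constructed version-2 flow-log line (TCP, 1 packet, 60 bytes)."""
    return f"2 123456789012 eni-0abc123def456789 {src} {dst} {sport} {dport} 6 1 60 {start} {start + 1} {action} OK"


_PROBE_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3306, 3389]
SAMPLE_LOG = "\n".join(
    # Inbound: an external host walks 12 ports in 12 seconds; only 22 and 80 are ACCEPTed.
    [_rec("203.0.113.50", "10.0.1.10", 40000 + i, p, 1700000000 + i,
          "ACCEPT" if p in (22, 80) else "REJECT") for i, p in enumerate(_PROBE_PORTS)]
    # Outbound: the instance itself walks ports 1..10 on a remote host (compromised-host pattern).
    + [_rec("10.0.1.10", "192.0.2.9", 50000 + i, i + 1, 1700000100 + i, "ACCEPT") for i in range(10)]
    # Benign: repeat HTTPS sessions, and three hits spread over an hour (below threshold).
    + [_rec("198.51.100.7", "10.0.1.10", 51000, 443, 1700000200, "ACCEPT"),
       _rec("198.51.100.7", "10.0.1.10", 51001, 443, 1700000230, "ACCEPT"),
       _rec("198.51.100.8", "10.0.1.10", 52000, 22, 1700000000, "REJECT"),
       _rec("198.51.100.8", "10.0.1.10", 52001, 80, 1700001800, "ACCEPT"),
       _rec("198.51.100.8", "10.0.1.10", 52002, 443, 1700003600, "ACCEPT"),
       "2 123456789012 eni-0abc123def456789 - - - - - - - 1700000000 1700000600 - NODATA"]
) + "\n"


def run_sample() -> list[dict]:
    """Run the detector over the constructed log; returns two findings (inbound, outbound)."""
    return detect_port_scans(parse_flow_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_sample():
        print(f)
```

The REJECT rows matter as much as the ACCEPT rows: a security group that drops a probe still leaves a REJECT entry in the flow log, which is what lets the scan be seen at all, while the ACCEPTed ports are the ones actually reachable and therefore the ones to triage first. A real detector would also need per-peer baselining and allow-lists for scanners you run yourself, which is part of what GuardDuty's threat intelligence and anomaly models add on top of this counting rule.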

Option A, using Amazon Macie, is not the appropriate service for this scenario. Macie is a data security and privacy service that uses machine learning to identify and classify sensitive data stored in AWS, but it does not provide any network monitoring capabilities.

Option B, using AWS Trusted Advisor, is also not relevant to this scenario. Trusted Advisor is a service that provides recommendations on how to optimize your AWS resources for security, cost, and performance, but it does not provide any threat detection capabilities.

Option C, using AWS Config, can help you monitor the configuration of your AWS resources, but it does not provide any network monitoring capabilities to detect port scans.

In summary, Amazon GuardDuty is the most appropriate service to detect port scans on your EC2 Instances, as it provides continuous network-activity monitoring and threat detection using threat intelligence and machine learning.