Question #1003
A company wants to centralize and prioritize security findings from various AWS services into a single interface for improved visibility and streamlined incident response. Which AWS service should they use to achieve this?
Amazon GuardDuty
Amazon Inspector
Amazon Macie
AWS Security Hub
Explanation
AWS Security Hub is designed to centralize security findings from various AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Config, and AWS Firewall Manager. It aggregates these findings into a unified interface, prioritizes them based on severity, and provides automated compliance checks. This meets the requirement of improved visibility and streamlined incident response.
Other options are incorrect because:
- A. Amazon GuardDuty focuses on threat detection (e.g., unauthorized access) but does not aggregate findings from other services.
- B. Amazon Inspector performs vulnerability assessments for EC2 instances and container images but does not centralize external findings.
- C. Amazon Macie specializes in sensitive data discovery and protection (e.g., in S3 buckets) but does not aggregate findings from other services.
Key Points: AWS Security Hub acts as a centralized hub for security alerts, integrates with AWS-native services, and supports automated workflows for remediation.
Answer
The correct answer is: D