Exam SCS-C03 Topic 5 Question 98 Discussion

Actual exam question for Amazon's SCS-C03 exam
Question #: 98
Topic #: 5

A company needs to identify the root cause of security findings and investigate IAM roles involved in those findings. The company has enabled VPC Flow Logs, Amazon GuardDuty, and AWS CloudTrail.
Which solution will meet these requirements?

A. Use Amazon Detective to investigate IAM roles and visualize findings. B. Use Amazon Inspector and CloudWatch dashboards. C. Export GuardDuty findings to S3 and analyze with Athena. D. Use Security Hub custom actions to investigate IAM roles.

Suggested Answer: A Vote an answer

Amazon Detective is specifically designed to help security teams investigate and visualize the root cause of security findings. According to AWS Certified Security - Specialty documentation, Detective automatically aggregates and correlates data from GuardDuty, CloudTrail, and VPC Flow Logs to provide interactive visualizations and timelines.
Detective enables investigators to pivot from GuardDuty findings to IAM roles, API calls, network traffic, and resource behavior. This makes it the most efficient tool for understanding how IAM roles were used during suspicious activity.
Amazon Inspector focuses on vulnerability assessment, not behavioral investigation. Security Hub aggregates findings but does not provide deep investigation graphs. Manual analysis with Athena requires significantly more effort.
AWS guidance explicitly recommends Amazon Detective for root cause analysis and visualization of security incidents.
Referenced AWS Specialty Documents:
AWS Certified Security - Specialty Official Study Guide
Amazon Detective Investigation Capabilities
AWS Threat Detection and Analysis

by Marjorie at Mar 28, 2026, 04:11 PM

Limited Time Offer

15%

Off

Get Premium SCS-C03 Questions as Interactive Self Test Engine or PDF

Comments

0 Happy Clients

0 Shares

0 Demo Downloads

10 Years in Business