Skip to Content

ANS-C01: How to Detect Port Scanning Activity on AWS

By: Author Alex Lim

Posted on

Categories Amazon, Exam

Learn how to use VPC Flow Logs, CloudWatch, and SNS to detect and notify port scanning activity on AWS

Table of Contents

Question

A company has a three-tier web application with separate subnets for Web, Application and Database tiers. The CTO at the company wants to monitor any malicious activity targeting the web application running on EC2 instances. As a network engineer, you have been tasked with developing a solution to notify the CTO in case the web application running on EC2 instances is port scanned by external systems.
Which of the following AWS Services would you use to build such an automated notification system that requires the least development effort? (Select two)

A. AWS Shield
B. Amazon CloudWatch
C. Amazon SNS
D. Amazon Inspector
E. VPC Flow Logs

Answer

B. Amazon CloudWatch
E. VPC Flow Logs

Explanation

The correct answer is B and E. Amazon CloudWatch and VPC Flow Logs. This is because VPC Flow Logs can capture the network traffic metadata for the web subnet, including the source and destination IP addresses, ports, protocols, and bytes transferred. Amazon CloudWatch can monitor the VPC Flow Logs and create metrics and alarms based on the patterns of port scanning activity, such as a large number of rejected connections from the same source IP address. Amazon SNS can then be used to send notifications to the CTO when the CloudWatch alarms are triggered.

The other options are not correct because:

  • A. AWS Shield: This is a service that provides protection against distributed denial of service (DDoS) attacks, not port scanning.
  • C. Amazon SNS: This is a service that can send notifications to subscribers, but it cannot detect port scanning activity by itself. It needs to be integrated with another service that can monitor the network traffic, such as CloudWatch.
  • D. Amazon Inspector: This is a service that can perform security assessments on EC2 instances, but it cannot detect port scanning activity from external systems. It can only check the configuration and vulnerabilities of the instances themselves.

The latest AWS Certified Advanced Networking – Specialty ANS-C01 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn AWS Certified Advanced Networking – Specialty ANS-C01 certification.