🔥 3-day streak
AWS Certified DevOps Engineer - Professional172 / 204
Question 172 of 204

A security team has enabled Amazon GuardDuty across an AWS Organization with a delegated administrator account. A dedicated vulnerability scanning EC2 instance runs authorized port scans against internal subnets every night as part of the compliance program. GuardDuty repeatedly generates 'Recon:EC2/Portscan' findings for this instance, flooding the security team's ticketing queue and desensitizing analysts to genuine threats. The team wants to stop these specific benign findings from consuming analyst attention while ensuring the same finding type is still generated and investigated when it originates from ANY other instance. What is the MOST operationally efficient approach?

Reviewed for accuracy · Report an issueNext question