🔥 3-day streak
AWS Certified Security - Specialty57 / 184
Question 57 of 184

A security team wants to fully automate the initial containment of any EC2 instance that GuardDuty flags with a high-severity finding. When a finding arrives, the workflow must: apply a quarantine security group, capture the instance's running memory and process list for later analysis, and record the actions in an audit trail — all without an analyst logging into the instance interactively. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question