🔥 3-day streak
AWS Certified Security - Specialty69 / 184
Question 69 of 184
A security engineer discovers that Amazon GuardDuty was intentionally disabled in the production account three weeks ago by a departing administrator, leaving a detection gap. The incident-response team needs to restore threat detection and, as part of recovery, retroactively understand what malicious activity may have occurred during the blind period without waiting weeks for new findings to accumulate. Which approach best supports both re-enabling detection and analyzing the historical gap?
Reviewed for accuracy · Report an issueNext question