🔥 3-day streak
AWS Certified Security - Specialty171 / 184
Question 171 of 184
A security analyst needs to investigate potential port-scanning activity against instances in a production VPC. VPC Flow Logs are already being delivered to an S3 bucket in Parquet format, and the analyst wants to run ad hoc SQL queries to identify source IP addresses generating a high volume of REJECT records across many distinct destination ports within a specific one-hour window. What is the MOST efficient way to accomplish this without provisioning additional infrastructure?
Reviewed for accuracy · Report an issueNext question